2 * Copyright (c) 1991 Regents of the University of California.
4 * Copyright (c) 1994 John S. Dyson
6 * Copyright (c) 1994 David Greenman
8 * Copyright (c) 2005-2010 Alan L. Cox <alc@cs.rice.edu>
11 * This code is derived from software contributed to Berkeley by
12 * the Systems Programming Group of the University of Utah Computer
13 * Science Department and William Jolitz of UUNET Technologies Inc.
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 3. All advertising materials mentioning features or use of this software
24 * must display the following acknowledgement:
25 * This product includes software developed by the University of
26 * California, Berkeley and its contributors.
27 * 4. Neither the name of the University nor the names of its contributors
28 * may be used to endorse or promote products derived from this software
29 * without specific prior written permission.
31 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
32 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
33 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
34 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
35 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
36 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
37 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
39 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
40 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 * from: @(#)pmap.c 7.7 (Berkeley) 5/12/91
46 * Copyright (c) 2003 Networks Associates Technology, Inc.
47 * All rights reserved.
49 * This software was developed for the FreeBSD Project by Jake Burkholder,
50 * Safeport Network Services, and Network Associates Laboratories, the
51 * Security Research Division of Network Associates, Inc. under
52 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
53 * CHATS research program.
55 * Redistribution and use in source and binary forms, with or without
56 * modification, are permitted provided that the following conditions
58 * 1. Redistributions of source code must retain the above copyright
59 * notice, this list of conditions and the following disclaimer.
60 * 2. Redistributions in binary form must reproduce the above copyright
61 * notice, this list of conditions and the following disclaimer in the
62 * documentation and/or other materials provided with the distribution.
64 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
65 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
66 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
67 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
68 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
69 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
70 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
71 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
72 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
73 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
77 #include <sys/cdefs.h>
78 __FBSDID("$FreeBSD$");
81 * Manages physical address maps.
83 * Since the information managed by this module is
84 * also stored by the logical address mapping module,
85 * this module may throw away valid virtual-to-physical
86 * mappings at almost any time. However, invalidations
87 * of virtual-to-physical mappings must be done as
90 * In order to cope with hardware architectures which
91 * make virtual-to-physical map invalidates expensive,
92 * this module may delay invalidate or reduced protection
93 * operations until such time as they are actually
94 * necessary. This module is given full information as
95 * to which processors are currently using which maps,
96 * and to when physical maps must be made correct.
100 #include "opt_pmap.h"
102 #include "opt_xbox.h"
104 #include <sys/param.h>
105 #include <sys/systm.h>
106 #include <sys/kernel.h>
108 #include <sys/lock.h>
109 #include <sys/malloc.h>
110 #include <sys/mman.h>
111 #include <sys/msgbuf.h>
112 #include <sys/mutex.h>
113 #include <sys/proc.h>
114 #include <sys/rwlock.h>
115 #include <sys/sf_buf.h>
117 #include <sys/vmmeter.h>
118 #include <sys/sched.h>
119 #include <sys/sysctl.h>
123 #include <sys/cpuset.h>
127 #include <vm/vm_param.h>
128 #include <vm/vm_kern.h>
129 #include <vm/vm_page.h>
130 #include <vm/vm_map.h>
131 #include <vm/vm_object.h>
132 #include <vm/vm_extern.h>
133 #include <vm/vm_pageout.h>
134 #include <vm/vm_pager.h>
135 #include <vm/vm_reserv.h>
138 #include <machine/cpu.h>
139 #include <machine/cputypes.h>
140 #include <machine/md_var.h>
141 #include <machine/pcb.h>
142 #include <machine/specialreg.h>
144 #include <machine/smp.h>
148 #include <machine/xbox.h>
151 #if !defined(CPU_DISABLE_SSE) && defined(I686_CPU)
152 #define CPU_ENABLE_SSE
155 #ifndef PMAP_SHPGPERPROC
156 #define PMAP_SHPGPERPROC 200
159 #if !defined(DIAGNOSTIC)
160 #ifdef __GNUC_GNU_INLINE__
161 #define PMAP_INLINE __attribute__((__gnu_inline__)) inline
163 #define PMAP_INLINE extern inline
170 #define PV_STAT(x) do { x ; } while (0)
172 #define PV_STAT(x) do { } while (0)
175 #define pa_index(pa) ((pa) >> PDRSHIFT)
176 #define pa_to_pvh(pa) (&pv_table[pa_index(pa)])
179 * Get PDEs and PTEs for user/kernel address space
181 #define pmap_pde(m, v) (&((m)->pm_pdir[(vm_offset_t)(v) >> PDRSHIFT]))
182 #define pdir_pde(m, v) (m[(vm_offset_t)(v) >> PDRSHIFT])
184 #define pmap_pde_v(pte) ((*(int *)pte & PG_V) != 0)
185 #define pmap_pte_w(pte) ((*(int *)pte & PG_W) != 0)
186 #define pmap_pte_m(pte) ((*(int *)pte & PG_M) != 0)
187 #define pmap_pte_u(pte) ((*(int *)pte & PG_A) != 0)
188 #define pmap_pte_v(pte) ((*(int *)pte & PG_V) != 0)
190 #define pmap_pte_set_w(pte, v) ((v) ? atomic_set_int((u_int *)(pte), PG_W) : \
191 atomic_clear_int((u_int *)(pte), PG_W))
192 #define pmap_pte_set_prot(pte, v) ((*(int *)pte &= ~PG_PROT), (*(int *)pte |= (v)))
194 struct pmap kernel_pmap_store;
195 LIST_HEAD(pmaplist, pmap);
196 static struct pmaplist allpmaps;
197 static struct mtx allpmaps_lock;
199 vm_offset_t virtual_avail; /* VA of first avail page (after kernel bss) */
200 vm_offset_t virtual_end; /* VA of last avail page (end of kernel AS) */
201 int pgeflag = 0; /* PG_G or-in */
202 int pseflag = 0; /* PG_PS or-in */
204 static int nkpt = NKPT;
205 vm_offset_t kernel_vm_end = KERNBASE + NKPT * NBPDR;
206 extern u_int32_t KERNend;
207 extern u_int32_t KPTphys;
211 static uma_zone_t pdptzone;
214 static SYSCTL_NODE(_vm, OID_AUTO, pmap, CTLFLAG_RD, 0, "VM/pmap parameters");
216 static int pat_works = 1;
217 SYSCTL_INT(_vm_pmap, OID_AUTO, pat_works, CTLFLAG_RD, &pat_works, 1,
218 "Is page attribute table fully functional?");
220 static int pg_ps_enabled = 1;
221 SYSCTL_INT(_vm_pmap, OID_AUTO, pg_ps_enabled, CTLFLAG_RDTUN, &pg_ps_enabled, 0,
222 "Are large page mappings enabled?");
224 #define PAT_INDEX_SIZE 8
225 static int pat_index[PAT_INDEX_SIZE]; /* cache mode to PAT index conversion */
227 static struct rwlock_padalign pvh_global_lock;
230 * Data for the pv entry allocation mechanism
232 static TAILQ_HEAD(pch, pv_chunk) pv_chunks = TAILQ_HEAD_INITIALIZER(pv_chunks);
233 static int pv_entry_count = 0, pv_entry_max = 0, pv_entry_high_water = 0;
234 static struct md_page *pv_table;
235 static int shpgperproc = PMAP_SHPGPERPROC;
237 struct pv_chunk *pv_chunkbase; /* KVA block for pv_chunks */
238 int pv_maxchunks; /* How many chunks we have KVA for */
239 vm_offset_t pv_vafree; /* freelist stored in the PTE */
242 * All those kernel PT submaps that BSD is so fond of
251 static struct sysmaps sysmaps_pcpu[MAXCPU];
252 pt_entry_t *CMAP1 = 0;
253 static pt_entry_t *CMAP3;
254 static pd_entry_t *KPTD;
255 caddr_t CADDR1 = 0, ptvmmap = 0;
256 static caddr_t CADDR3;
257 struct msgbuf *msgbufp = 0;
262 static caddr_t crashdumpmap;
264 static pt_entry_t *PMAP1 = 0, *PMAP2;
265 static pt_entry_t *PADDR1 = 0, *PADDR2;
268 static int PMAP1changedcpu;
269 SYSCTL_INT(_debug, OID_AUTO, PMAP1changedcpu, CTLFLAG_RD,
271 "Number of times pmap_pte_quick changed CPU with same PMAP1");
273 static int PMAP1changed;
274 SYSCTL_INT(_debug, OID_AUTO, PMAP1changed, CTLFLAG_RD,
276 "Number of times pmap_pte_quick changed PMAP1");
277 static int PMAP1unchanged;
278 SYSCTL_INT(_debug, OID_AUTO, PMAP1unchanged, CTLFLAG_RD,
280 "Number of times pmap_pte_quick didn't change PMAP1");
281 static struct mtx PMAP2mutex;
283 static void free_pv_chunk(struct pv_chunk *pc);
284 static void free_pv_entry(pmap_t pmap, pv_entry_t pv);
285 static pv_entry_t get_pv_entry(pmap_t pmap, boolean_t try);
286 static void pmap_pv_demote_pde(pmap_t pmap, vm_offset_t va, vm_paddr_t pa);
287 static boolean_t pmap_pv_insert_pde(pmap_t pmap, vm_offset_t va, vm_paddr_t pa);
288 static void pmap_pv_promote_pde(pmap_t pmap, vm_offset_t va, vm_paddr_t pa);
289 static void pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va);
290 static pv_entry_t pmap_pvh_remove(struct md_page *pvh, pmap_t pmap,
292 static int pmap_pvh_wired_mappings(struct md_page *pvh, int count);
294 static boolean_t pmap_demote_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t va);
295 static boolean_t pmap_enter_pde(pmap_t pmap, vm_offset_t va, vm_page_t m,
297 static vm_page_t pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va,
298 vm_page_t m, vm_prot_t prot, vm_page_t mpte);
299 static void pmap_flush_page(vm_page_t m);
300 static void pmap_insert_pt_page(pmap_t pmap, vm_page_t mpte);
301 static void pmap_fill_ptp(pt_entry_t *firstpte, pt_entry_t newpte);
302 static boolean_t pmap_is_modified_pvh(struct md_page *pvh);
303 static boolean_t pmap_is_referenced_pvh(struct md_page *pvh);
304 static void pmap_kenter_attr(vm_offset_t va, vm_paddr_t pa, int mode);
305 static void pmap_kenter_pde(vm_offset_t va, pd_entry_t newpde);
306 static vm_page_t pmap_lookup_pt_page(pmap_t pmap, vm_offset_t va);
307 static void pmap_pde_attr(pd_entry_t *pde, int cache_bits);
308 static void pmap_promote_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t va);
309 static boolean_t pmap_protect_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t sva,
311 static void pmap_pte_attr(pt_entry_t *pte, int cache_bits);
312 static void pmap_remove_pde(pmap_t pmap, pd_entry_t *pdq, vm_offset_t sva,
314 static int pmap_remove_pte(pmap_t pmap, pt_entry_t *ptq, vm_offset_t sva,
316 static void pmap_remove_pt_page(pmap_t pmap, vm_page_t mpte);
317 static void pmap_remove_page(struct pmap *pmap, vm_offset_t va,
319 static void pmap_remove_entry(struct pmap *pmap, vm_page_t m,
321 static void pmap_insert_entry(pmap_t pmap, vm_offset_t va, vm_page_t m);
322 static boolean_t pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va,
324 static void pmap_update_pde(pmap_t pmap, vm_offset_t va, pd_entry_t *pde,
326 static void pmap_update_pde_invalidate(vm_offset_t va, pd_entry_t newpde);
328 static vm_page_t pmap_allocpte(pmap_t pmap, vm_offset_t va, int flags);
330 static vm_page_t _pmap_allocpte(pmap_t pmap, u_int ptepindex, int flags);
331 static void _pmap_unwire_ptp(pmap_t pmap, vm_page_t m, vm_page_t *free);
332 static pt_entry_t *pmap_pte_quick(pmap_t pmap, vm_offset_t va);
333 static void pmap_pte_release(pt_entry_t *pte);
334 static int pmap_unuse_pt(pmap_t, vm_offset_t, vm_page_t *);
336 static void *pmap_pdpt_allocf(uma_zone_t zone, int bytes, u_int8_t *flags, int wait);
338 static void pmap_set_pg(void);
340 static __inline void pagezero(void *page);
342 CTASSERT(1 << PDESHIFT == sizeof(pd_entry_t));
343 CTASSERT(1 << PTESHIFT == sizeof(pt_entry_t));
346 * If you get an error here, then you set KVA_PAGES wrong! See the
347 * description of KVA_PAGES in sys/i386/include/pmap.h. It must be
348 * multiple of 4 for a normal kernel, or a multiple of 8 for a PAE.
350 CTASSERT(KERNBASE % (1 << 24) == 0);
353 * Bootstrap the system enough to run with virtual memory.
355 * On the i386 this is called after mapping has already been enabled
356 * and just syncs the pmap module with what has already been done.
357 * [We can't call it easily with mapping off since the kernel is not
358 * mapped with PA == VA, hence we would have to relocate every address
359 * from the linked base (virtual) address "KERNBASE" to the actual
360 * (physical) address starting relative to 0]
363 pmap_bootstrap(vm_paddr_t firstaddr)
366 pt_entry_t *pte, *unused;
367 struct sysmaps *sysmaps;
371 * Initialize the first available kernel virtual address. However,
372 * using "firstaddr" may waste a few pages of the kernel virtual
373 * address space, because locore may not have mapped every physical
374 * page that it allocated. Preferably, locore would provide a first
375 * unused virtual address in addition to "firstaddr".
377 virtual_avail = (vm_offset_t) KERNBASE + firstaddr;
379 virtual_end = VM_MAX_KERNEL_ADDRESS;
382 * Initialize the kernel pmap (which is statically allocated).
384 PMAP_LOCK_INIT(kernel_pmap);
385 kernel_pmap->pm_pdir = (pd_entry_t *) (KERNBASE + (u_int)IdlePTD);
387 kernel_pmap->pm_pdpt = (pdpt_entry_t *) (KERNBASE + (u_int)IdlePDPT);
389 kernel_pmap->pm_root = NULL;
390 CPU_FILL(&kernel_pmap->pm_active); /* don't allow deactivation */
391 TAILQ_INIT(&kernel_pmap->pm_pvchunk);
394 * Initialize the global pv list lock.
396 rw_init(&pvh_global_lock, "pmap pv global");
398 LIST_INIT(&allpmaps);
401 * Request a spin mutex so that changes to allpmaps cannot be
402 * preempted by smp_rendezvous_cpus(). Otherwise,
403 * pmap_update_pde_kernel() could access allpmaps while it is
406 mtx_init(&allpmaps_lock, "allpmaps", NULL, MTX_SPIN);
407 mtx_lock_spin(&allpmaps_lock);
408 LIST_INSERT_HEAD(&allpmaps, kernel_pmap, pm_list);
409 mtx_unlock_spin(&allpmaps_lock);
412 * Reserve some special page table entries/VA space for temporary
415 #define SYSMAP(c, p, v, n) \
416 v = (c)va; va += ((n)*PAGE_SIZE); p = pte; pte += (n);
422 * CMAP1/CMAP2 are used for zeroing and copying pages.
423 * CMAP3 is used for the idle process page zeroing.
425 for (i = 0; i < MAXCPU; i++) {
426 sysmaps = &sysmaps_pcpu[i];
427 mtx_init(&sysmaps->lock, "SYSMAPS", NULL, MTX_DEF);
428 SYSMAP(caddr_t, sysmaps->CMAP1, sysmaps->CADDR1, 1)
429 SYSMAP(caddr_t, sysmaps->CMAP2, sysmaps->CADDR2, 1)
431 SYSMAP(caddr_t, CMAP1, CADDR1, 1)
432 SYSMAP(caddr_t, CMAP3, CADDR3, 1)
437 SYSMAP(caddr_t, unused, crashdumpmap, MAXDUMPPGS)
440 * ptvmmap is used for reading arbitrary physical pages via /dev/mem.
442 SYSMAP(caddr_t, unused, ptvmmap, 1)
445 * msgbufp is used to map the system message buffer.
447 SYSMAP(struct msgbuf *, unused, msgbufp, atop(round_page(msgbufsize)))
450 * KPTmap is used by pmap_kextract().
452 * KPTmap is first initialized by locore. However, that initial
453 * KPTmap can only support NKPT page table pages. Here, a larger
454 * KPTmap is created that can support KVA_PAGES page table pages.
456 SYSMAP(pt_entry_t *, KPTD, KPTmap, KVA_PAGES)
458 for (i = 0; i < NKPT; i++)
459 KPTD[i] = (KPTphys + (i << PAGE_SHIFT)) | pgeflag | PG_RW | PG_V;
462 * Adjust the start of the KPTD and KPTmap so that the implementation
463 * of pmap_kextract() and pmap_growkernel() can be made simpler.
466 KPTmap -= i386_btop(KPTDI << PDRSHIFT);
469 * PADDR1 and PADDR2 are used by pmap_pte_quick() and pmap_pte(),
472 SYSMAP(pt_entry_t *, PMAP1, PADDR1, 1)
473 SYSMAP(pt_entry_t *, PMAP2, PADDR2, 1)
475 mtx_init(&PMAP2mutex, "PMAP2", NULL, MTX_DEF);
480 * Leave in place an identity mapping (virt == phys) for the low 1 MB
481 * physical memory region that is used by the ACPI wakeup code. This
482 * mapping must not have PG_G set.
485 /* FIXME: This is gross, but needed for the XBOX. Since we are in such
486 * an early stadium, we cannot yet neatly map video memory ... :-(
487 * Better fixes are very welcome! */
488 if (!arch_i386_is_xbox)
490 for (i = 1; i < NKPT; i++)
493 /* Initialize the PAT MSR if present. */
496 /* Turn on PG_G on kernel page(s) */
506 int pat_table[PAT_INDEX_SIZE];
511 /* Set default PAT index table. */
512 for (i = 0; i < PAT_INDEX_SIZE; i++)
514 pat_table[PAT_WRITE_BACK] = 0;
515 pat_table[PAT_WRITE_THROUGH] = 1;
516 pat_table[PAT_UNCACHEABLE] = 3;
517 pat_table[PAT_WRITE_COMBINING] = 3;
518 pat_table[PAT_WRITE_PROTECTED] = 3;
519 pat_table[PAT_UNCACHED] = 3;
521 /* Bail if this CPU doesn't implement PAT. */
522 if ((cpu_feature & CPUID_PAT) == 0) {
523 for (i = 0; i < PAT_INDEX_SIZE; i++)
524 pat_index[i] = pat_table[i];
530 * Due to some Intel errata, we can only safely use the lower 4
533 * Intel Pentium III Processor Specification Update
534 * Errata E.27 (Upper Four PAT Entries Not Usable With Mode B
537 * Intel Pentium IV Processor Specification Update
538 * Errata N46 (PAT Index MSB May Be Calculated Incorrectly)
540 if (cpu_vendor_id == CPU_VENDOR_INTEL &&
541 !(CPUID_TO_FAMILY(cpu_id) == 6 && CPUID_TO_MODEL(cpu_id) >= 0xe))
544 /* Initialize default PAT entries. */
545 pat_msr = PAT_VALUE(0, PAT_WRITE_BACK) |
546 PAT_VALUE(1, PAT_WRITE_THROUGH) |
547 PAT_VALUE(2, PAT_UNCACHED) |
548 PAT_VALUE(3, PAT_UNCACHEABLE) |
549 PAT_VALUE(4, PAT_WRITE_BACK) |
550 PAT_VALUE(5, PAT_WRITE_THROUGH) |
551 PAT_VALUE(6, PAT_UNCACHED) |
552 PAT_VALUE(7, PAT_UNCACHEABLE);
556 * Leave the indices 0-3 at the default of WB, WT, UC-, and UC.
557 * Program 5 and 6 as WP and WC.
558 * Leave 4 and 7 as WB and UC.
560 pat_msr &= ~(PAT_MASK(5) | PAT_MASK(6));
561 pat_msr |= PAT_VALUE(5, PAT_WRITE_PROTECTED) |
562 PAT_VALUE(6, PAT_WRITE_COMBINING);
563 pat_table[PAT_UNCACHED] = 2;
564 pat_table[PAT_WRITE_PROTECTED] = 5;
565 pat_table[PAT_WRITE_COMBINING] = 6;
568 * Just replace PAT Index 2 with WC instead of UC-.
570 pat_msr &= ~PAT_MASK(2);
571 pat_msr |= PAT_VALUE(2, PAT_WRITE_COMBINING);
572 pat_table[PAT_WRITE_COMBINING] = 2;
577 load_cr4(cr4 & ~CR4_PGE);
579 /* Disable caches (CD = 1, NW = 0). */
581 load_cr0((cr0 & ~CR0_NW) | CR0_CD);
583 /* Flushes caches and TLBs. */
587 /* Update PAT and index table. */
588 wrmsr(MSR_PAT, pat_msr);
589 for (i = 0; i < PAT_INDEX_SIZE; i++)
590 pat_index[i] = pat_table[i];
592 /* Flush caches and TLBs again. */
596 /* Restore caches and PGE. */
602 * Set PG_G on kernel pages. Only the BSP calls this when SMP is turned on.
608 vm_offset_t va, endva;
613 endva = KERNBASE + KERNend;
616 va = KERNBASE + KERNLOAD;
618 pdir_pde(PTD, va) |= pgeflag;
619 invltlb(); /* Play it safe, invltlb() every time */
623 va = (vm_offset_t)btext;
628 invltlb(); /* Play it safe, invltlb() every time */
635 * Initialize a vm_page's machine-dependent fields.
638 pmap_page_init(vm_page_t m)
641 TAILQ_INIT(&m->md.pv_list);
642 m->md.pat_mode = PAT_WRITE_BACK;
647 pmap_pdpt_allocf(uma_zone_t zone, int bytes, u_int8_t *flags, int wait)
650 /* Inform UMA that this allocator uses kernel_map/object. */
651 *flags = UMA_SLAB_KERNEL;
652 return ((void *)kmem_alloc_contig(kernel_map, bytes, wait, 0x0ULL,
653 0xffffffffULL, 1, 0, VM_MEMATTR_DEFAULT));
658 * ABuse the pte nodes for unmapped kva to thread a kva freelist through.
660 * - Must deal with pages in order to ensure that none of the PG_* bits
661 * are ever set, PG_V in particular.
662 * - Assumes we can write to ptes without pte_store() atomic ops, even
663 * on PAE systems. This should be ok.
664 * - Assumes nothing will ever test these addresses for 0 to indicate
665 * no mapping instead of correctly checking PG_V.
666 * - Assumes a vm_offset_t will fit in a pte (true for i386).
667 * Because PG_V is never set, there can be no mappings to invalidate.
670 pmap_ptelist_alloc(vm_offset_t *head)
677 return (va); /* Out of memory */
681 panic("pmap_ptelist_alloc: va with PG_V set!");
687 pmap_ptelist_free(vm_offset_t *head, vm_offset_t va)
692 panic("pmap_ptelist_free: freeing va with PG_V set!");
694 *pte = *head; /* virtual! PG_V is 0 though */
699 pmap_ptelist_init(vm_offset_t *head, void *base, int npages)
705 for (i = npages - 1; i >= 0; i--) {
706 va = (vm_offset_t)base + i * PAGE_SIZE;
707 pmap_ptelist_free(head, va);
713 * Initialize the pmap module.
714 * Called by vm_init, to initialize any structures that the pmap
715 * system needs to map virtual memory.
725 * Initialize the vm page array entries for the kernel pmap's
728 for (i = 0; i < NKPT; i++) {
729 mpte = PHYS_TO_VM_PAGE(KPTphys + (i << PAGE_SHIFT));
730 KASSERT(mpte >= vm_page_array &&
731 mpte < &vm_page_array[vm_page_array_size],
732 ("pmap_init: page table page is out of range"));
733 mpte->pindex = i + KPTDI;
734 mpte->phys_addr = KPTphys + (i << PAGE_SHIFT);
738 * Initialize the address space (zone) for the pv entries. Set a
739 * high water mark so that the system can recover from excessive
740 * numbers of pv entries.
742 TUNABLE_INT_FETCH("vm.pmap.shpgperproc", &shpgperproc);
743 pv_entry_max = shpgperproc * maxproc + cnt.v_page_count;
744 TUNABLE_INT_FETCH("vm.pmap.pv_entries", &pv_entry_max);
745 pv_entry_max = roundup(pv_entry_max, _NPCPV);
746 pv_entry_high_water = 9 * (pv_entry_max / 10);
749 * If the kernel is running in a virtual machine on an AMD Family 10h
750 * processor, then it must assume that MCA is enabled by the virtual
753 if (vm_guest == VM_GUEST_VM && cpu_vendor_id == CPU_VENDOR_AMD &&
754 CPUID_TO_FAMILY(cpu_id) == 0x10)
755 workaround_erratum383 = 1;
758 * Are large page mappings supported and enabled?
760 TUNABLE_INT_FETCH("vm.pmap.pg_ps_enabled", &pg_ps_enabled);
763 else if (pg_ps_enabled) {
764 KASSERT(MAXPAGESIZES > 1 && pagesizes[1] == 0,
765 ("pmap_init: can't assign to pagesizes[1]"));
766 pagesizes[1] = NBPDR;
770 * Calculate the size of the pv head table for superpages.
772 for (i = 0; phys_avail[i + 1]; i += 2);
773 pv_npg = round_4mpage(phys_avail[(i - 2) + 1]) / NBPDR;
776 * Allocate memory for the pv head table for superpages.
778 s = (vm_size_t)(pv_npg * sizeof(struct md_page));
780 pv_table = (struct md_page *)kmem_alloc(kernel_map, s);
781 for (i = 0; i < pv_npg; i++)
782 TAILQ_INIT(&pv_table[i].pv_list);
784 pv_maxchunks = MAX(pv_entry_max / _NPCPV, maxproc);
785 pv_chunkbase = (struct pv_chunk *)kmem_alloc_nofault(kernel_map,
786 PAGE_SIZE * pv_maxchunks);
787 if (pv_chunkbase == NULL)
788 panic("pmap_init: not enough kvm for pv chunks");
789 pmap_ptelist_init(&pv_vafree, pv_chunkbase, pv_maxchunks);
791 pdptzone = uma_zcreate("PDPT", NPGPTD * sizeof(pdpt_entry_t), NULL,
792 NULL, NULL, NULL, (NPGPTD * sizeof(pdpt_entry_t)) - 1,
793 UMA_ZONE_VM | UMA_ZONE_NOFREE);
794 uma_zone_set_allocf(pdptzone, pmap_pdpt_allocf);
799 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_max, CTLFLAG_RD, &pv_entry_max, 0,
800 "Max number of PV entries");
801 SYSCTL_INT(_vm_pmap, OID_AUTO, shpgperproc, CTLFLAG_RD, &shpgperproc, 0,
802 "Page share factor per proc");
804 static SYSCTL_NODE(_vm_pmap, OID_AUTO, pde, CTLFLAG_RD, 0,
805 "2/4MB page mapping counters");
807 static u_long pmap_pde_demotions;
808 SYSCTL_ULONG(_vm_pmap_pde, OID_AUTO, demotions, CTLFLAG_RD,
809 &pmap_pde_demotions, 0, "2/4MB page demotions");
811 static u_long pmap_pde_mappings;
812 SYSCTL_ULONG(_vm_pmap_pde, OID_AUTO, mappings, CTLFLAG_RD,
813 &pmap_pde_mappings, 0, "2/4MB page mappings");
815 static u_long pmap_pde_p_failures;
816 SYSCTL_ULONG(_vm_pmap_pde, OID_AUTO, p_failures, CTLFLAG_RD,
817 &pmap_pde_p_failures, 0, "2/4MB page promotion failures");
819 static u_long pmap_pde_promotions;
820 SYSCTL_ULONG(_vm_pmap_pde, OID_AUTO, promotions, CTLFLAG_RD,
821 &pmap_pde_promotions, 0, "2/4MB page promotions");
823 /***************************************************
824 * Low level helper routines.....
825 ***************************************************/
828 * Determine the appropriate bits to set in a PTE or PDE for a specified
832 pmap_cache_bits(int mode, boolean_t is_pde)
834 int cache_bits, pat_flag, pat_idx;
836 if (mode < 0 || mode >= PAT_INDEX_SIZE || pat_index[mode] < 0)
837 panic("Unknown caching mode %d\n", mode);
839 /* The PAT bit is different for PTE's and PDE's. */
840 pat_flag = is_pde ? PG_PDE_PAT : PG_PTE_PAT;
842 /* Map the caching mode to a PAT index. */
843 pat_idx = pat_index[mode];
845 /* Map the 3-bit index value into the PAT, PCD, and PWT bits. */
848 cache_bits |= pat_flag;
850 cache_bits |= PG_NC_PCD;
852 cache_bits |= PG_NC_PWT;
857 * The caller is responsible for maintaining TLB consistency.
860 pmap_kenter_pde(vm_offset_t va, pd_entry_t newpde)
864 boolean_t PTD_updated;
867 mtx_lock_spin(&allpmaps_lock);
868 LIST_FOREACH(pmap, &allpmaps, pm_list) {
869 if ((pmap->pm_pdir[PTDPTDI] & PG_FRAME) == (PTDpde[0] &
872 pde = pmap_pde(pmap, va);
873 pde_store(pde, newpde);
875 mtx_unlock_spin(&allpmaps_lock);
877 ("pmap_kenter_pde: current page table is not in allpmaps"));
881 * After changing the page size for the specified virtual address in the page
882 * table, flush the corresponding entries from the processor's TLB. Only the
883 * calling processor's TLB is affected.
885 * The calling thread must be pinned to a processor.
888 pmap_update_pde_invalidate(vm_offset_t va, pd_entry_t newpde)
892 if ((newpde & PG_PS) == 0)
893 /* Demotion: flush a specific 2MB page mapping. */
895 else if ((newpde & PG_G) == 0)
897 * Promotion: flush every 4KB page mapping from the TLB
898 * because there are too many to flush individually.
903 * Promotion: flush every 4KB page mapping from the TLB,
904 * including any global (PG_G) mappings.
907 load_cr4(cr4 & ~CR4_PGE);
909 * Although preemption at this point could be detrimental to
910 * performance, it would not lead to an error. PG_G is simply
911 * ignored if CR4.PGE is clear. Moreover, in case this block
912 * is re-entered, the load_cr4() either above or below will
913 * modify CR4.PGE flushing the TLB.
915 load_cr4(cr4 | CR4_PGE);
920 * For SMP, these functions have to use the IPI mechanism for coherence.
922 * N.B.: Before calling any of the following TLB invalidation functions,
923 * the calling processor must ensure that all stores updating a non-
924 * kernel page table are globally performed. Otherwise, another
925 * processor could cache an old, pre-update entry without being
926 * invalidated. This can happen one of two ways: (1) The pmap becomes
927 * active on another processor after its pm_active field is checked by
928 * one of the following functions but before a store updating the page
929 * table is globally performed. (2) The pmap becomes active on another
930 * processor before its pm_active field is checked but due to
931 * speculative loads one of the following functions stills reads the
932 * pmap as inactive on the other processor.
934 * The kernel page table is exempt because its pm_active field is
935 * immutable. The kernel page table is always active on every
939 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
945 if (pmap == kernel_pmap || !CPU_CMP(&pmap->pm_active, &all_cpus)) {
949 cpuid = PCPU_GET(cpuid);
950 other_cpus = all_cpus;
951 CPU_CLR(cpuid, &other_cpus);
952 if (CPU_ISSET(cpuid, &pmap->pm_active))
954 CPU_AND(&other_cpus, &pmap->pm_active);
955 if (!CPU_EMPTY(&other_cpus))
956 smp_masked_invlpg(other_cpus, va);
962 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
969 if (pmap == kernel_pmap || !CPU_CMP(&pmap->pm_active, &all_cpus)) {
970 for (addr = sva; addr < eva; addr += PAGE_SIZE)
972 smp_invlpg_range(sva, eva);
974 cpuid = PCPU_GET(cpuid);
975 other_cpus = all_cpus;
976 CPU_CLR(cpuid, &other_cpus);
977 if (CPU_ISSET(cpuid, &pmap->pm_active))
978 for (addr = sva; addr < eva; addr += PAGE_SIZE)
980 CPU_AND(&other_cpus, &pmap->pm_active);
981 if (!CPU_EMPTY(&other_cpus))
982 smp_masked_invlpg_range(other_cpus, sva, eva);
988 pmap_invalidate_all(pmap_t pmap)
994 if (pmap == kernel_pmap || !CPU_CMP(&pmap->pm_active, &all_cpus)) {
998 cpuid = PCPU_GET(cpuid);
999 other_cpus = all_cpus;
1000 CPU_CLR(cpuid, &other_cpus);
1001 if (CPU_ISSET(cpuid, &pmap->pm_active))
1003 CPU_AND(&other_cpus, &pmap->pm_active);
1004 if (!CPU_EMPTY(&other_cpus))
1005 smp_masked_invltlb(other_cpus);
1011 pmap_invalidate_cache(void)
1021 cpuset_t invalidate; /* processors that invalidate their TLB */
1025 u_int store; /* processor that updates the PDE */
1029 pmap_update_pde_kernel(void *arg)
1031 struct pde_action *act = arg;
1035 if (act->store == PCPU_GET(cpuid)) {
1038 * Elsewhere, this operation requires allpmaps_lock for
1039 * synchronization. Here, it does not because it is being
1040 * performed in the context of an all_cpus rendezvous.
1042 LIST_FOREACH(pmap, &allpmaps, pm_list) {
1043 pde = pmap_pde(pmap, act->va);
1044 pde_store(pde, act->newpde);
1050 pmap_update_pde_user(void *arg)
1052 struct pde_action *act = arg;
1054 if (act->store == PCPU_GET(cpuid))
1055 pde_store(act->pde, act->newpde);
1059 pmap_update_pde_teardown(void *arg)
1061 struct pde_action *act = arg;
1063 if (CPU_ISSET(PCPU_GET(cpuid), &act->invalidate))
1064 pmap_update_pde_invalidate(act->va, act->newpde);
1068 * Change the page size for the specified virtual address in a way that
1069 * prevents any possibility of the TLB ever having two entries that map the
1070 * same virtual address using different page sizes. This is the recommended
1071 * workaround for Erratum 383 on AMD Family 10h processors. It prevents a
1072 * machine check exception for a TLB state that is improperly diagnosed as a
1076 pmap_update_pde(pmap_t pmap, vm_offset_t va, pd_entry_t *pde, pd_entry_t newpde)
1078 struct pde_action act;
1079 cpuset_t active, other_cpus;
1083 cpuid = PCPU_GET(cpuid);
1084 other_cpus = all_cpus;
1085 CPU_CLR(cpuid, &other_cpus);
1086 if (pmap == kernel_pmap)
1089 active = pmap->pm_active;
1090 if (CPU_OVERLAP(&active, &other_cpus)) {
1092 act.invalidate = active;
1095 act.newpde = newpde;
1096 CPU_SET(cpuid, &active);
1097 smp_rendezvous_cpus(active,
1098 smp_no_rendevous_barrier, pmap == kernel_pmap ?
1099 pmap_update_pde_kernel : pmap_update_pde_user,
1100 pmap_update_pde_teardown, &act);
1102 if (pmap == kernel_pmap)
1103 pmap_kenter_pde(va, newpde);
1105 pde_store(pde, newpde);
1106 if (CPU_ISSET(cpuid, &active))
1107 pmap_update_pde_invalidate(va, newpde);
1113 * Normal, non-SMP, 486+ invalidation functions.
1114 * We inline these within pmap.c for speed.
1117 pmap_invalidate_page(pmap_t pmap, vm_offset_t va)
1120 if (pmap == kernel_pmap || !CPU_EMPTY(&pmap->pm_active))
1125 pmap_invalidate_range(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
1129 if (pmap == kernel_pmap || !CPU_EMPTY(&pmap->pm_active))
1130 for (addr = sva; addr < eva; addr += PAGE_SIZE)
1135 pmap_invalidate_all(pmap_t pmap)
1138 if (pmap == kernel_pmap || !CPU_EMPTY(&pmap->pm_active))
1143 pmap_invalidate_cache(void)
1150 pmap_update_pde(pmap_t pmap, vm_offset_t va, pd_entry_t *pde, pd_entry_t newpde)
1153 if (pmap == kernel_pmap)
1154 pmap_kenter_pde(va, newpde);
1156 pde_store(pde, newpde);
1157 if (pmap == kernel_pmap || !CPU_EMPTY(&pmap->pm_active))
1158 pmap_update_pde_invalidate(va, newpde);
1162 #define PMAP_CLFLUSH_THRESHOLD (2 * 1024 * 1024)
1165 pmap_invalidate_cache_range(vm_offset_t sva, vm_offset_t eva)
1168 KASSERT((sva & PAGE_MASK) == 0,
1169 ("pmap_invalidate_cache_range: sva not page-aligned"));
1170 KASSERT((eva & PAGE_MASK) == 0,
1171 ("pmap_invalidate_cache_range: eva not page-aligned"));
1173 if (cpu_feature & CPUID_SS)
1174 ; /* If "Self Snoop" is supported, do nothing. */
1175 else if ((cpu_feature & CPUID_CLFSH) != 0 &&
1176 eva - sva < PMAP_CLFLUSH_THRESHOLD) {
1179 * Otherwise, do per-cache line flush. Use the mfence
1180 * instruction to insure that previous stores are
1181 * included in the write-back. The processor
1182 * propagates flush to other processors in the cache
1186 for (; sva < eva; sva += cpu_clflush_line_size)
1192 * No targeted cache flush methods are supported by CPU,
1193 * or the supplied range is bigger than 2MB.
1194 * Globally invalidate cache.
1196 pmap_invalidate_cache();
1201 pmap_invalidate_cache_pages(vm_page_t *pages, int count)
1205 if (count >= PMAP_CLFLUSH_THRESHOLD / PAGE_SIZE ||
1206 (cpu_feature & CPUID_CLFSH) == 0) {
1207 pmap_invalidate_cache();
1209 for (i = 0; i < count; i++)
1210 pmap_flush_page(pages[i]);
1215 * Are we current address space or kernel? N.B. We return FALSE when
1216 * a pmap's page table is in use because a kernel thread is borrowing
1217 * it. The borrowed page table can change spontaneously, making any
1218 * dependence on its continued use subject to a race condition.
1221 pmap_is_current(pmap_t pmap)
1224 return (pmap == kernel_pmap ||
1225 (pmap == vmspace_pmap(curthread->td_proc->p_vmspace) &&
1226 (pmap->pm_pdir[PTDPTDI] & PG_FRAME) == (PTDpde[0] & PG_FRAME)));
1230 * If the given pmap is not the current or kernel pmap, the returned pte must
1231 * be released by passing it to pmap_pte_release().
1234 pmap_pte(pmap_t pmap, vm_offset_t va)
1239 pde = pmap_pde(pmap, va);
1243 /* are we current address space or kernel? */
1244 if (pmap_is_current(pmap))
1245 return (vtopte(va));
1246 mtx_lock(&PMAP2mutex);
1247 newpf = *pde & PG_FRAME;
1248 if ((*PMAP2 & PG_FRAME) != newpf) {
1249 *PMAP2 = newpf | PG_RW | PG_V | PG_A | PG_M;
1250 pmap_invalidate_page(kernel_pmap, (vm_offset_t)PADDR2);
1252 return (PADDR2 + (i386_btop(va) & (NPTEPG - 1)));
1258 * Releases a pte that was obtained from pmap_pte(). Be prepared for the pte
1261 static __inline void
1262 pmap_pte_release(pt_entry_t *pte)
1265 if ((pt_entry_t *)((vm_offset_t)pte & ~PAGE_MASK) == PADDR2)
1266 mtx_unlock(&PMAP2mutex);
1269 static __inline void
1270 invlcaddr(void *caddr)
1273 invlpg((u_int)caddr);
1277 * Super fast pmap_pte routine best used when scanning
1278 * the pv lists. This eliminates many coarse-grained
1279 * invltlb calls. Note that many of the pv list
1280 * scans are across different pmaps. It is very wasteful
1281 * to do an entire invltlb for checking a single mapping.
1283 * If the given pmap is not the current pmap, pvh_global_lock
1284 * must be held and curthread pinned to a CPU.
1287 pmap_pte_quick(pmap_t pmap, vm_offset_t va)
1292 pde = pmap_pde(pmap, va);
1296 /* are we current address space or kernel? */
1297 if (pmap_is_current(pmap))
1298 return (vtopte(va));
1299 rw_assert(&pvh_global_lock, RA_WLOCKED);
1300 KASSERT(curthread->td_pinned > 0, ("curthread not pinned"));
1301 newpf = *pde & PG_FRAME;
1302 if ((*PMAP1 & PG_FRAME) != newpf) {
1303 *PMAP1 = newpf | PG_RW | PG_V | PG_A | PG_M;
1305 PMAP1cpu = PCPU_GET(cpuid);
1311 if (PMAP1cpu != PCPU_GET(cpuid)) {
1312 PMAP1cpu = PCPU_GET(cpuid);
1318 return (PADDR1 + (i386_btop(va) & (NPTEPG - 1)));
1324 * Routine: pmap_extract
1326 * Extract the physical page address associated
1327 * with the given map/virtual_address pair.
1330 pmap_extract(pmap_t pmap, vm_offset_t va)
1338 pde = pmap->pm_pdir[va >> PDRSHIFT];
1340 if ((pde & PG_PS) != 0)
1341 rtval = (pde & PG_PS_FRAME) | (va & PDRMASK);
1343 pte = pmap_pte(pmap, va);
1344 rtval = (*pte & PG_FRAME) | (va & PAGE_MASK);
1345 pmap_pte_release(pte);
1353 * Routine: pmap_extract_and_hold
1355 * Atomically extract and hold the physical page
1356 * with the given pmap and virtual address pair
1357 * if that mapping permits the given protection.
1360 pmap_extract_and_hold(pmap_t pmap, vm_offset_t va, vm_prot_t prot)
1363 pt_entry_t pte, *ptep;
1371 pde = *pmap_pde(pmap, va);
1374 if ((pde & PG_RW) || (prot & VM_PROT_WRITE) == 0) {
1375 if (vm_page_pa_tryrelock(pmap, (pde &
1376 PG_PS_FRAME) | (va & PDRMASK), &pa))
1378 m = PHYS_TO_VM_PAGE((pde & PG_PS_FRAME) |
1383 ptep = pmap_pte(pmap, va);
1385 pmap_pte_release(ptep);
1387 ((pte & PG_RW) || (prot & VM_PROT_WRITE) == 0)) {
1388 if (vm_page_pa_tryrelock(pmap, pte & PG_FRAME,
1391 m = PHYS_TO_VM_PAGE(pte & PG_FRAME);
1401 /***************************************************
1402 * Low level mapping routines.....
1403 ***************************************************/
1406 * Add a wired page to the kva.
1407 * Note: not SMP coherent.
1409 * This function may be used before pmap_bootstrap() is called.
1412 pmap_kenter(vm_offset_t va, vm_paddr_t pa)
1417 pte_store(pte, pa | PG_RW | PG_V | pgeflag);
1420 static __inline void
1421 pmap_kenter_attr(vm_offset_t va, vm_paddr_t pa, int mode)
1426 pte_store(pte, pa | PG_RW | PG_V | pgeflag | pmap_cache_bits(mode, 0));
1430 * Remove a page from the kernel pagetables.
1431 * Note: not SMP coherent.
1433 * This function may be used before pmap_bootstrap() is called.
1436 pmap_kremove(vm_offset_t va)
1445 * Used to map a range of physical addresses into kernel
1446 * virtual address space.
1448 * The value passed in '*virt' is a suggested virtual address for
1449 * the mapping. Architectures which can support a direct-mapped
1450 * physical to virtual region can return the appropriate address
1451 * within that region, leaving '*virt' unchanged. Other
1452 * architectures should map the pages starting at '*virt' and
1453 * update '*virt' with the first usable address after the mapped
1457 pmap_map(vm_offset_t *virt, vm_paddr_t start, vm_paddr_t end, int prot)
1459 vm_offset_t va, sva;
1460 vm_paddr_t superpage_offset;
1465 * Does the physical address range's size and alignment permit at
1466 * least one superpage mapping to be created?
1468 superpage_offset = start & PDRMASK;
1469 if ((end - start) - ((NBPDR - superpage_offset) & PDRMASK) >= NBPDR) {
1471 * Increase the starting virtual address so that its alignment
1472 * does not preclude the use of superpage mappings.
1474 if ((va & PDRMASK) < superpage_offset)
1475 va = (va & ~PDRMASK) + superpage_offset;
1476 else if ((va & PDRMASK) > superpage_offset)
1477 va = ((va + PDRMASK) & ~PDRMASK) + superpage_offset;
1480 while (start < end) {
1481 if ((start & PDRMASK) == 0 && end - start >= NBPDR &&
1483 KASSERT((va & PDRMASK) == 0,
1484 ("pmap_map: misaligned va %#x", va));
1485 newpde = start | PG_PS | pgeflag | PG_RW | PG_V;
1486 pmap_kenter_pde(va, newpde);
1490 pmap_kenter(va, start);
1495 pmap_invalidate_range(kernel_pmap, sva, va);
1502 * Add a list of wired pages to the kva
1503 * this routine is only used for temporary
1504 * kernel mappings that do not need to have
1505 * page modification or references recorded.
1506 * Note that old mappings are simply written
1507 * over. The page *must* be wired.
1508 * Note: SMP coherent. Uses a ranged shootdown IPI.
1511 pmap_qenter(vm_offset_t sva, vm_page_t *ma, int count)
1513 pt_entry_t *endpte, oldpte, pa, *pte;
1518 endpte = pte + count;
1519 while (pte < endpte) {
1521 pa = VM_PAGE_TO_PHYS(m) | pmap_cache_bits(m->md.pat_mode, 0);
1522 if ((*pte & (PG_FRAME | PG_PTE_CACHE)) != pa) {
1524 pte_store(pte, pa | pgeflag | PG_RW | PG_V);
1528 if (__predict_false((oldpte & PG_V) != 0))
1529 pmap_invalidate_range(kernel_pmap, sva, sva + count *
1534 * This routine tears out page mappings from the
1535 * kernel -- it is meant only for temporary mappings.
1536 * Note: SMP coherent. Uses a ranged shootdown IPI.
1539 pmap_qremove(vm_offset_t sva, int count)
1544 while (count-- > 0) {
1548 pmap_invalidate_range(kernel_pmap, sva, va);
1551 /***************************************************
1552 * Page table page management routines.....
1553 ***************************************************/
1554 static __inline void
1555 pmap_free_zero_pages(vm_page_t free)
1559 while (free != NULL) {
1562 /* Preserve the page's PG_ZERO setting. */
1563 vm_page_free_toq(m);
1568 * Schedule the specified unused page table page to be freed. Specifically,
1569 * add the page to the specified list of pages that will be released to the
1570 * physical memory manager after the TLB has been updated.
1572 static __inline void
1573 pmap_add_delayed_free_list(vm_page_t m, vm_page_t *free, boolean_t set_PG_ZERO)
1577 m->flags |= PG_ZERO;
1579 m->flags &= ~PG_ZERO;
1585 * Inserts the specified page table page into the specified pmap's collection
1586 * of idle page table pages. Each of a pmap's page table pages is responsible
1587 * for mapping a distinct range of virtual addresses. The pmap's collection is
1588 * ordered by this virtual address range.
1591 pmap_insert_pt_page(pmap_t pmap, vm_page_t mpte)
1595 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1596 root = pmap->pm_root;
1601 root = vm_page_splay(mpte->pindex, root);
1602 if (mpte->pindex < root->pindex) {
1603 mpte->left = root->left;
1606 } else if (mpte->pindex == root->pindex)
1607 panic("pmap_insert_pt_page: pindex already inserted");
1609 mpte->right = root->right;
1614 pmap->pm_root = mpte;
1618 * Looks for a page table page mapping the specified virtual address in the
1619 * specified pmap's collection of idle page table pages. Returns NULL if there
1620 * is no page table page corresponding to the specified virtual address.
1623 pmap_lookup_pt_page(pmap_t pmap, vm_offset_t va)
1626 vm_pindex_t pindex = va >> PDRSHIFT;
1628 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1629 if ((mpte = pmap->pm_root) != NULL && mpte->pindex != pindex) {
1630 mpte = vm_page_splay(pindex, mpte);
1631 if ((pmap->pm_root = mpte)->pindex != pindex)
1638 * Removes the specified page table page from the specified pmap's collection
1639 * of idle page table pages. The specified page table page must be a member of
1640 * the pmap's collection.
1643 pmap_remove_pt_page(pmap_t pmap, vm_page_t mpte)
1647 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
1648 if (mpte != pmap->pm_root)
1649 vm_page_splay(mpte->pindex, pmap->pm_root);
1650 if (mpte->left == NULL)
1653 root = vm_page_splay(mpte->pindex, mpte->left);
1654 root->right = mpte->right;
1656 pmap->pm_root = root;
1660 * Decrements a page table page's wire count, which is used to record the
1661 * number of valid page table entries within the page. If the wire count
1662 * drops to zero, then the page table page is unmapped. Returns TRUE if the
1663 * page table page was unmapped and FALSE otherwise.
1665 static inline boolean_t
1666 pmap_unwire_ptp(pmap_t pmap, vm_page_t m, vm_page_t *free)
1670 if (m->wire_count == 0) {
1671 _pmap_unwire_ptp(pmap, m, free);
1678 _pmap_unwire_ptp(pmap_t pmap, vm_page_t m, vm_page_t *free)
1683 * unmap the page table page
1685 pmap->pm_pdir[m->pindex] = 0;
1686 --pmap->pm_stats.resident_count;
1689 * This is a release store so that the ordinary store unmapping
1690 * the page table page is globally performed before TLB shoot-
1693 atomic_subtract_rel_int(&cnt.v_wire_count, 1);
1696 * Do an invltlb to make the invalidated mapping
1697 * take effect immediately.
1699 pteva = VM_MAXUSER_ADDRESS + i386_ptob(m->pindex);
1700 pmap_invalidate_page(pmap, pteva);
1703 * Put page on a list so that it is released after
1704 * *ALL* TLB shootdown is done
1706 pmap_add_delayed_free_list(m, free, TRUE);
1710 * After removing a page table entry, this routine is used to
1711 * conditionally free the page, and manage the hold/wire counts.
1714 pmap_unuse_pt(pmap_t pmap, vm_offset_t va, vm_page_t *free)
1719 if (va >= VM_MAXUSER_ADDRESS)
1721 ptepde = *pmap_pde(pmap, va);
1722 mpte = PHYS_TO_VM_PAGE(ptepde & PG_FRAME);
1723 return (pmap_unwire_ptp(pmap, mpte, free));
1727 * Initialize the pmap for the swapper process.
1730 pmap_pinit0(pmap_t pmap)
1733 PMAP_LOCK_INIT(pmap);
1735 * Since the page table directory is shared with the kernel pmap,
1736 * which is already included in the list "allpmaps", this pmap does
1737 * not need to be inserted into that list.
1739 pmap->pm_pdir = (pd_entry_t *)(KERNBASE + (vm_offset_t)IdlePTD);
1741 pmap->pm_pdpt = (pdpt_entry_t *)(KERNBASE + (vm_offset_t)IdlePDPT);
1743 pmap->pm_root = NULL;
1744 CPU_ZERO(&pmap->pm_active);
1745 PCPU_SET(curpmap, pmap);
1746 TAILQ_INIT(&pmap->pm_pvchunk);
1747 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
1751 * Initialize a preallocated and zeroed pmap structure,
1752 * such as one in a vmspace structure.
1755 pmap_pinit(pmap_t pmap)
1757 vm_page_t m, ptdpg[NPGPTD];
1761 PMAP_LOCK_INIT(pmap);
1764 * No need to allocate page table space yet but we do need a valid
1765 * page directory table.
1767 if (pmap->pm_pdir == NULL) {
1768 pmap->pm_pdir = (pd_entry_t *)kmem_alloc_nofault(kernel_map,
1770 if (pmap->pm_pdir == NULL) {
1771 PMAP_LOCK_DESTROY(pmap);
1775 pmap->pm_pdpt = uma_zalloc(pdptzone, M_WAITOK | M_ZERO);
1776 KASSERT(((vm_offset_t)pmap->pm_pdpt &
1777 ((NPGPTD * sizeof(pdpt_entry_t)) - 1)) == 0,
1778 ("pmap_pinit: pdpt misaligned"));
1779 KASSERT(pmap_kextract((vm_offset_t)pmap->pm_pdpt) < (4ULL<<30),
1780 ("pmap_pinit: pdpt above 4g"));
1782 pmap->pm_root = NULL;
1784 KASSERT(pmap->pm_root == NULL,
1785 ("pmap_pinit: pmap has reserved page table page(s)"));
1788 * allocate the page directory page(s)
1790 for (i = 0; i < NPGPTD;) {
1791 m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | VM_ALLOC_NOOBJ |
1792 VM_ALLOC_WIRED | VM_ALLOC_ZERO);
1800 pmap_qenter((vm_offset_t)pmap->pm_pdir, ptdpg, NPGPTD);
1802 for (i = 0; i < NPGPTD; i++)
1803 if ((ptdpg[i]->flags & PG_ZERO) == 0)
1804 pagezero(pmap->pm_pdir + (i * NPDEPG));
1806 mtx_lock_spin(&allpmaps_lock);
1807 LIST_INSERT_HEAD(&allpmaps, pmap, pm_list);
1808 /* Copy the kernel page table directory entries. */
1809 bcopy(PTD + KPTDI, pmap->pm_pdir + KPTDI, nkpt * sizeof(pd_entry_t));
1810 mtx_unlock_spin(&allpmaps_lock);
1812 /* install self-referential address mapping entry(s) */
1813 for (i = 0; i < NPGPTD; i++) {
1814 pa = VM_PAGE_TO_PHYS(ptdpg[i]);
1815 pmap->pm_pdir[PTDPTDI + i] = pa | PG_V | PG_RW | PG_A | PG_M;
1817 pmap->pm_pdpt[i] = pa | PG_V;
1821 CPU_ZERO(&pmap->pm_active);
1822 TAILQ_INIT(&pmap->pm_pvchunk);
1823 bzero(&pmap->pm_stats, sizeof pmap->pm_stats);
1829 * this routine is called if the page table page is not
1833 _pmap_allocpte(pmap_t pmap, u_int ptepindex, int flags)
1838 KASSERT((flags & (M_NOWAIT | M_WAITOK)) == M_NOWAIT ||
1839 (flags & (M_NOWAIT | M_WAITOK)) == M_WAITOK,
1840 ("_pmap_allocpte: flags is neither M_NOWAIT nor M_WAITOK"));
1843 * Allocate a page table page.
1845 if ((m = vm_page_alloc(NULL, ptepindex, VM_ALLOC_NOOBJ |
1846 VM_ALLOC_WIRED | VM_ALLOC_ZERO)) == NULL) {
1847 if (flags & M_WAITOK) {
1849 rw_wunlock(&pvh_global_lock);
1851 rw_wlock(&pvh_global_lock);
1856 * Indicate the need to retry. While waiting, the page table
1857 * page may have been allocated.
1861 if ((m->flags & PG_ZERO) == 0)
1865 * Map the pagetable page into the process address space, if
1866 * it isn't already there.
1869 pmap->pm_stats.resident_count++;
1871 ptepa = VM_PAGE_TO_PHYS(m);
1872 pmap->pm_pdir[ptepindex] =
1873 (pd_entry_t) (ptepa | PG_U | PG_RW | PG_V | PG_A | PG_M);
1879 pmap_allocpte(pmap_t pmap, vm_offset_t va, int flags)
1885 KASSERT((flags & (M_NOWAIT | M_WAITOK)) == M_NOWAIT ||
1886 (flags & (M_NOWAIT | M_WAITOK)) == M_WAITOK,
1887 ("pmap_allocpte: flags is neither M_NOWAIT nor M_WAITOK"));
1890 * Calculate pagetable page index
1892 ptepindex = va >> PDRSHIFT;
1895 * Get the page directory entry
1897 ptepa = pmap->pm_pdir[ptepindex];
1900 * This supports switching from a 4MB page to a
1903 if (ptepa & PG_PS) {
1904 (void)pmap_demote_pde(pmap, &pmap->pm_pdir[ptepindex], va);
1905 ptepa = pmap->pm_pdir[ptepindex];
1909 * If the page table page is mapped, we just increment the
1910 * hold count, and activate it.
1913 m = PHYS_TO_VM_PAGE(ptepa & PG_FRAME);
1917 * Here if the pte page isn't mapped, or if it has
1920 m = _pmap_allocpte(pmap, ptepindex, flags);
1921 if (m == NULL && (flags & M_WAITOK))
1928 /***************************************************
1929 * Pmap allocation/deallocation routines.
1930 ***************************************************/
1934 * Deal with a SMP shootdown of other users of the pmap that we are
1935 * trying to dispose of. This can be a bit hairy.
1937 static cpuset_t *lazymask;
1938 static u_int lazyptd;
1939 static volatile u_int lazywait;
1941 void pmap_lazyfix_action(void);
1944 pmap_lazyfix_action(void)
1948 (*ipi_lazypmap_counts[PCPU_GET(cpuid)])++;
1950 if (rcr3() == lazyptd)
1951 load_cr3(curpcb->pcb_cr3);
1952 CPU_CLR_ATOMIC(PCPU_GET(cpuid), lazymask);
1953 atomic_store_rel_int(&lazywait, 1);
1957 pmap_lazyfix_self(u_int cpuid)
1960 if (rcr3() == lazyptd)
1961 load_cr3(curpcb->pcb_cr3);
1962 CPU_CLR_ATOMIC(cpuid, lazymask);
1967 pmap_lazyfix(pmap_t pmap)
1969 cpuset_t mymask, mask;
1973 mask = pmap->pm_active;
1974 while (!CPU_EMPTY(&mask)) {
1977 /* Find least significant set bit. */
1978 lsb = cpusetobj_ffs(&mask);
1981 CPU_SETOF(lsb, &mask);
1982 mtx_lock_spin(&smp_ipi_mtx);
1984 lazyptd = vtophys(pmap->pm_pdpt);
1986 lazyptd = vtophys(pmap->pm_pdir);
1988 cpuid = PCPU_GET(cpuid);
1990 /* Use a cpuset just for having an easy check. */
1991 CPU_SETOF(cpuid, &mymask);
1992 if (!CPU_CMP(&mask, &mymask)) {
1993 lazymask = &pmap->pm_active;
1994 pmap_lazyfix_self(cpuid);
1996 atomic_store_rel_int((u_int *)&lazymask,
1997 (u_int)&pmap->pm_active);
1998 atomic_store_rel_int(&lazywait, 0);
1999 ipi_selected(mask, IPI_LAZYPMAP);
2000 while (lazywait == 0) {
2006 mtx_unlock_spin(&smp_ipi_mtx);
2008 printf("pmap_lazyfix: spun for 50000000\n");
2009 mask = pmap->pm_active;
2016 * Cleaning up on uniprocessor is easy. For various reasons, we're
2017 * unlikely to have to even execute this code, including the fact
2018 * that the cleanup is deferred until the parent does a wait(2), which
2019 * means that another userland process has run.
2022 pmap_lazyfix(pmap_t pmap)
2026 cr3 = vtophys(pmap->pm_pdir);
2027 if (cr3 == rcr3()) {
2028 load_cr3(curpcb->pcb_cr3);
2029 CPU_CLR(PCPU_GET(cpuid), &pmap->pm_active);
2035 * Release any resources held by the given physical map.
2036 * Called when a pmap initialized by pmap_pinit is being released.
2037 * Should only be called if the map contains no valid mappings.
2040 pmap_release(pmap_t pmap)
2042 vm_page_t m, ptdpg[NPGPTD];
2045 KASSERT(pmap->pm_stats.resident_count == 0,
2046 ("pmap_release: pmap resident count %ld != 0",
2047 pmap->pm_stats.resident_count));
2048 KASSERT(pmap->pm_root == NULL,
2049 ("pmap_release: pmap has reserved page table page(s)"));
2052 mtx_lock_spin(&allpmaps_lock);
2053 LIST_REMOVE(pmap, pm_list);
2054 mtx_unlock_spin(&allpmaps_lock);
2056 for (i = 0; i < NPGPTD; i++)
2057 ptdpg[i] = PHYS_TO_VM_PAGE(pmap->pm_pdir[PTDPTDI + i] &
2060 bzero(pmap->pm_pdir + PTDPTDI, (nkpt + NPGPTD) *
2061 sizeof(*pmap->pm_pdir));
2063 pmap_qremove((vm_offset_t)pmap->pm_pdir, NPGPTD);
2065 for (i = 0; i < NPGPTD; i++) {
2068 KASSERT(VM_PAGE_TO_PHYS(m) == (pmap->pm_pdpt[i] & PG_FRAME),
2069 ("pmap_release: got wrong ptd page"));
2072 atomic_subtract_int(&cnt.v_wire_count, 1);
2073 vm_page_free_zero(m);
2075 PMAP_LOCK_DESTROY(pmap);
2079 kvm_size(SYSCTL_HANDLER_ARGS)
2081 unsigned long ksize = VM_MAX_KERNEL_ADDRESS - KERNBASE;
2083 return (sysctl_handle_long(oidp, &ksize, 0, req));
2085 SYSCTL_PROC(_vm, OID_AUTO, kvm_size, CTLTYPE_LONG|CTLFLAG_RD,
2086 0, 0, kvm_size, "IU", "Size of KVM");
2089 kvm_free(SYSCTL_HANDLER_ARGS)
2091 unsigned long kfree = VM_MAX_KERNEL_ADDRESS - kernel_vm_end;
2093 return (sysctl_handle_long(oidp, &kfree, 0, req));
2095 SYSCTL_PROC(_vm, OID_AUTO, kvm_free, CTLTYPE_LONG|CTLFLAG_RD,
2096 0, 0, kvm_free, "IU", "Amount of KVM free");
2099 * grow the number of kernel page table entries, if needed
2102 pmap_growkernel(vm_offset_t addr)
2104 vm_paddr_t ptppaddr;
2108 mtx_assert(&kernel_map->system_mtx, MA_OWNED);
2109 addr = roundup2(addr, NBPDR);
2110 if (addr - 1 >= kernel_map->max_offset)
2111 addr = kernel_map->max_offset;
2112 while (kernel_vm_end < addr) {
2113 if (pdir_pde(PTD, kernel_vm_end)) {
2114 kernel_vm_end = (kernel_vm_end + NBPDR) & ~PDRMASK;
2115 if (kernel_vm_end - 1 >= kernel_map->max_offset) {
2116 kernel_vm_end = kernel_map->max_offset;
2122 nkpg = vm_page_alloc(NULL, kernel_vm_end >> PDRSHIFT,
2123 VM_ALLOC_INTERRUPT | VM_ALLOC_NOOBJ | VM_ALLOC_WIRED |
2126 panic("pmap_growkernel: no memory to grow kernel");
2130 if ((nkpg->flags & PG_ZERO) == 0)
2131 pmap_zero_page(nkpg);
2132 ptppaddr = VM_PAGE_TO_PHYS(nkpg);
2133 newpdir = (pd_entry_t) (ptppaddr | PG_V | PG_RW | PG_A | PG_M);
2134 pdir_pde(KPTD, kernel_vm_end) = pgeflag | newpdir;
2136 pmap_kenter_pde(kernel_vm_end, newpdir);
2137 kernel_vm_end = (kernel_vm_end + NBPDR) & ~PDRMASK;
2138 if (kernel_vm_end - 1 >= kernel_map->max_offset) {
2139 kernel_vm_end = kernel_map->max_offset;
2146 /***************************************************
2147 * page management routines.
2148 ***************************************************/
2150 CTASSERT(sizeof(struct pv_chunk) == PAGE_SIZE);
2151 CTASSERT(_NPCM == 11);
2152 CTASSERT(_NPCPV == 336);
2154 static __inline struct pv_chunk *
2155 pv_to_chunk(pv_entry_t pv)
2158 return ((struct pv_chunk *)((uintptr_t)pv & ~(uintptr_t)PAGE_MASK));
2161 #define PV_PMAP(pv) (pv_to_chunk(pv)->pc_pmap)
2163 #define PC_FREE0_9 0xfffffffful /* Free values for index 0 through 9 */
2164 #define PC_FREE10 0x0000fffful /* Free values for index 10 */
2166 static const uint32_t pc_freemask[_NPCM] = {
2167 PC_FREE0_9, PC_FREE0_9, PC_FREE0_9,
2168 PC_FREE0_9, PC_FREE0_9, PC_FREE0_9,
2169 PC_FREE0_9, PC_FREE0_9, PC_FREE0_9,
2170 PC_FREE0_9, PC_FREE10
2173 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_count, CTLFLAG_RD, &pv_entry_count, 0,
2174 "Current number of pv entries");
2177 static int pc_chunk_count, pc_chunk_allocs, pc_chunk_frees, pc_chunk_tryfail;
2179 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_count, CTLFLAG_RD, &pc_chunk_count, 0,
2180 "Current number of pv entry chunks");
2181 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_allocs, CTLFLAG_RD, &pc_chunk_allocs, 0,
2182 "Current number of pv entry chunks allocated");
2183 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_frees, CTLFLAG_RD, &pc_chunk_frees, 0,
2184 "Current number of pv entry chunks frees");
2185 SYSCTL_INT(_vm_pmap, OID_AUTO, pc_chunk_tryfail, CTLFLAG_RD, &pc_chunk_tryfail, 0,
2186 "Number of times tried to get a chunk page but failed.");
2188 static long pv_entry_frees, pv_entry_allocs;
2189 static int pv_entry_spare;
2191 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_frees, CTLFLAG_RD, &pv_entry_frees, 0,
2192 "Current number of pv entry frees");
2193 SYSCTL_LONG(_vm_pmap, OID_AUTO, pv_entry_allocs, CTLFLAG_RD, &pv_entry_allocs, 0,
2194 "Current number of pv entry allocs");
2195 SYSCTL_INT(_vm_pmap, OID_AUTO, pv_entry_spare, CTLFLAG_RD, &pv_entry_spare, 0,
2196 "Current number of spare pv entries");
2200 * We are in a serious low memory condition. Resort to
2201 * drastic measures to free some pages so we can allocate
2202 * another pv entry chunk.
2205 pmap_pv_reclaim(pmap_t locked_pmap)
2208 struct pv_chunk *pc;
2209 struct md_page *pvh;
2212 pt_entry_t *pte, tpte;
2215 vm_page_t free, m, m_pc;
2217 int bit, field, freed;
2219 PMAP_LOCK_ASSERT(locked_pmap, MA_OWNED);
2222 TAILQ_INIT(&newtail);
2223 while ((pc = TAILQ_FIRST(&pv_chunks)) != NULL && (pv_vafree == 0 ||
2225 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
2226 if (pmap != pc->pc_pmap) {
2228 pmap_invalidate_all(pmap);
2229 if (pmap != locked_pmap)
2233 /* Avoid deadlock and lock recursion. */
2234 if (pmap > locked_pmap)
2236 else if (pmap != locked_pmap && !PMAP_TRYLOCK(pmap)) {
2238 TAILQ_INSERT_TAIL(&newtail, pc, pc_lru);
2244 * Destroy every non-wired, 4 KB page mapping in the chunk.
2247 for (field = 0; field < _NPCM; field++) {
2248 for (inuse = ~pc->pc_map[field] & pc_freemask[field];
2249 inuse != 0; inuse &= ~(1UL << bit)) {
2251 pv = &pc->pc_pventry[field * 32 + bit];
2253 pde = pmap_pde(pmap, va);
2254 if ((*pde & PG_PS) != 0)
2256 pte = pmap_pte(pmap, va);
2258 if ((tpte & PG_W) == 0)
2259 tpte = pte_load_clear(pte);
2260 pmap_pte_release(pte);
2261 if ((tpte & PG_W) != 0)
2264 ("pmap_pv_reclaim: pmap %p va %x zero pte",
2266 if ((tpte & PG_G) != 0)
2267 pmap_invalidate_page(pmap, va);
2268 m = PHYS_TO_VM_PAGE(tpte & PG_FRAME);
2269 if ((tpte & (PG_M | PG_RW)) == (PG_M | PG_RW))
2271 if ((tpte & PG_A) != 0)
2272 vm_page_aflag_set(m, PGA_REFERENCED);
2273 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
2274 if (TAILQ_EMPTY(&m->md.pv_list) &&
2275 (m->flags & PG_FICTITIOUS) == 0) {
2276 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
2277 if (TAILQ_EMPTY(&pvh->pv_list)) {
2278 vm_page_aflag_clear(m,
2282 pc->pc_map[field] |= 1UL << bit;
2283 pmap_unuse_pt(pmap, va, &free);
2288 TAILQ_INSERT_TAIL(&newtail, pc, pc_lru);
2291 /* Every freed mapping is for a 4 KB page. */
2292 pmap->pm_stats.resident_count -= freed;
2293 PV_STAT(pv_entry_frees += freed);
2294 PV_STAT(pv_entry_spare += freed);
2295 pv_entry_count -= freed;
2296 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2297 for (field = 0; field < _NPCM; field++)
2298 if (pc->pc_map[field] != pc_freemask[field]) {
2299 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc,
2301 TAILQ_INSERT_TAIL(&newtail, pc, pc_lru);
2304 * One freed pv entry in locked_pmap is
2307 if (pmap == locked_pmap)
2311 if (field == _NPCM) {
2312 PV_STAT(pv_entry_spare -= _NPCPV);
2313 PV_STAT(pc_chunk_count--);
2314 PV_STAT(pc_chunk_frees++);
2315 /* Entire chunk is free; return it. */
2316 m_pc = PHYS_TO_VM_PAGE(pmap_kextract((vm_offset_t)pc));
2317 pmap_qremove((vm_offset_t)pc, 1);
2318 pmap_ptelist_free(&pv_vafree, (vm_offset_t)pc);
2323 TAILQ_CONCAT(&pv_chunks, &newtail, pc_lru);
2325 pmap_invalidate_all(pmap);
2326 if (pmap != locked_pmap)
2329 if (m_pc == NULL && pv_vafree != 0 && free != NULL) {
2332 /* Recycle a freed page table page. */
2333 m_pc->wire_count = 1;
2334 atomic_add_int(&cnt.v_wire_count, 1);
2336 pmap_free_zero_pages(free);
2341 * free the pv_entry back to the free list
2344 free_pv_entry(pmap_t pmap, pv_entry_t pv)
2346 struct pv_chunk *pc;
2347 int idx, field, bit;
2349 rw_assert(&pvh_global_lock, RA_WLOCKED);
2350 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2351 PV_STAT(pv_entry_frees++);
2352 PV_STAT(pv_entry_spare++);
2354 pc = pv_to_chunk(pv);
2355 idx = pv - &pc->pc_pventry[0];
2358 pc->pc_map[field] |= 1ul << bit;
2359 for (idx = 0; idx < _NPCM; idx++)
2360 if (pc->pc_map[idx] != pc_freemask[idx]) {
2362 * 98% of the time, pc is already at the head of the
2363 * list. If it isn't already, move it to the head.
2365 if (__predict_false(TAILQ_FIRST(&pmap->pm_pvchunk) !=
2367 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2368 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc,
2373 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2378 free_pv_chunk(struct pv_chunk *pc)
2382 TAILQ_REMOVE(&pv_chunks, pc, pc_lru);
2383 PV_STAT(pv_entry_spare -= _NPCPV);
2384 PV_STAT(pc_chunk_count--);
2385 PV_STAT(pc_chunk_frees++);
2386 /* entire chunk is free, return it */
2387 m = PHYS_TO_VM_PAGE(pmap_kextract((vm_offset_t)pc));
2388 pmap_qremove((vm_offset_t)pc, 1);
2389 vm_page_unwire(m, 0);
2391 pmap_ptelist_free(&pv_vafree, (vm_offset_t)pc);
2395 * get a new pv_entry, allocating a block from the system
2399 get_pv_entry(pmap_t pmap, boolean_t try)
2401 static const struct timeval printinterval = { 60, 0 };
2402 static struct timeval lastprint;
2405 struct pv_chunk *pc;
2408 rw_assert(&pvh_global_lock, RA_WLOCKED);
2409 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2410 PV_STAT(pv_entry_allocs++);
2412 if (pv_entry_count > pv_entry_high_water)
2413 if (ratecheck(&lastprint, &printinterval))
2414 printf("Approaching the limit on PV entries, consider "
2415 "increasing either the vm.pmap.shpgperproc or the "
2416 "vm.pmap.pv_entry_max tunable.\n");
2418 pc = TAILQ_FIRST(&pmap->pm_pvchunk);
2420 for (field = 0; field < _NPCM; field++) {
2421 if (pc->pc_map[field]) {
2422 bit = bsfl(pc->pc_map[field]);
2426 if (field < _NPCM) {
2427 pv = &pc->pc_pventry[field * 32 + bit];
2428 pc->pc_map[field] &= ~(1ul << bit);
2429 /* If this was the last item, move it to tail */
2430 for (field = 0; field < _NPCM; field++)
2431 if (pc->pc_map[field] != 0) {
2432 PV_STAT(pv_entry_spare--);
2433 return (pv); /* not full, return */
2435 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
2436 TAILQ_INSERT_TAIL(&pmap->pm_pvchunk, pc, pc_list);
2437 PV_STAT(pv_entry_spare--);
2442 * Access to the ptelist "pv_vafree" is synchronized by the pvh
2443 * global lock. If "pv_vafree" is currently non-empty, it will
2444 * remain non-empty until pmap_ptelist_alloc() completes.
2446 if (pv_vafree == 0 || (m = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL |
2447 VM_ALLOC_NOOBJ | VM_ALLOC_WIRED)) == NULL) {
2450 PV_STAT(pc_chunk_tryfail++);
2453 m = pmap_pv_reclaim(pmap);
2457 PV_STAT(pc_chunk_count++);
2458 PV_STAT(pc_chunk_allocs++);
2459 pc = (struct pv_chunk *)pmap_ptelist_alloc(&pv_vafree);
2460 pmap_qenter((vm_offset_t)pc, &m, 1);
2462 pc->pc_map[0] = pc_freemask[0] & ~1ul; /* preallocated bit 0 */
2463 for (field = 1; field < _NPCM; field++)
2464 pc->pc_map[field] = pc_freemask[field];
2465 TAILQ_INSERT_TAIL(&pv_chunks, pc, pc_lru);
2466 pv = &pc->pc_pventry[0];
2467 TAILQ_INSERT_HEAD(&pmap->pm_pvchunk, pc, pc_list);
2468 PV_STAT(pv_entry_spare += _NPCPV - 1);
2472 static __inline pv_entry_t
2473 pmap_pvh_remove(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
2477 rw_assert(&pvh_global_lock, RA_WLOCKED);
2478 TAILQ_FOREACH(pv, &pvh->pv_list, pv_list) {
2479 if (pmap == PV_PMAP(pv) && va == pv->pv_va) {
2480 TAILQ_REMOVE(&pvh->pv_list, pv, pv_list);
2488 pmap_pv_demote_pde(pmap_t pmap, vm_offset_t va, vm_paddr_t pa)
2490 struct md_page *pvh;
2492 vm_offset_t va_last;
2495 rw_assert(&pvh_global_lock, RA_WLOCKED);
2496 KASSERT((pa & PDRMASK) == 0,
2497 ("pmap_pv_demote_pde: pa is not 4mpage aligned"));
2500 * Transfer the 4mpage's pv entry for this mapping to the first
2503 pvh = pa_to_pvh(pa);
2504 va = trunc_4mpage(va);
2505 pv = pmap_pvh_remove(pvh, pmap, va);
2506 KASSERT(pv != NULL, ("pmap_pv_demote_pde: pv not found"));
2507 m = PHYS_TO_VM_PAGE(pa);
2508 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
2509 /* Instantiate the remaining NPTEPG - 1 pv entries. */
2510 va_last = va + NBPDR - PAGE_SIZE;
2513 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
2514 ("pmap_pv_demote_pde: page %p is not managed", m));
2516 pmap_insert_entry(pmap, va, m);
2517 } while (va < va_last);
2521 pmap_pv_promote_pde(pmap_t pmap, vm_offset_t va, vm_paddr_t pa)
2523 struct md_page *pvh;
2525 vm_offset_t va_last;
2528 rw_assert(&pvh_global_lock, RA_WLOCKED);
2529 KASSERT((pa & PDRMASK) == 0,
2530 ("pmap_pv_promote_pde: pa is not 4mpage aligned"));
2533 * Transfer the first page's pv entry for this mapping to the
2534 * 4mpage's pv list. Aside from avoiding the cost of a call
2535 * to get_pv_entry(), a transfer avoids the possibility that
2536 * get_pv_entry() calls pmap_collect() and that pmap_collect()
2537 * removes one of the mappings that is being promoted.
2539 m = PHYS_TO_VM_PAGE(pa);
2540 va = trunc_4mpage(va);
2541 pv = pmap_pvh_remove(&m->md, pmap, va);
2542 KASSERT(pv != NULL, ("pmap_pv_promote_pde: pv not found"));
2543 pvh = pa_to_pvh(pa);
2544 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_list);
2545 /* Free the remaining NPTEPG - 1 pv entries. */
2546 va_last = va + NBPDR - PAGE_SIZE;
2550 pmap_pvh_free(&m->md, pmap, va);
2551 } while (va < va_last);
2555 pmap_pvh_free(struct md_page *pvh, pmap_t pmap, vm_offset_t va)
2559 pv = pmap_pvh_remove(pvh, pmap, va);
2560 KASSERT(pv != NULL, ("pmap_pvh_free: pv not found"));
2561 free_pv_entry(pmap, pv);
2565 pmap_remove_entry(pmap_t pmap, vm_page_t m, vm_offset_t va)
2567 struct md_page *pvh;
2569 rw_assert(&pvh_global_lock, RA_WLOCKED);
2570 pmap_pvh_free(&m->md, pmap, va);
2571 if (TAILQ_EMPTY(&m->md.pv_list) && (m->flags & PG_FICTITIOUS) == 0) {
2572 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
2573 if (TAILQ_EMPTY(&pvh->pv_list))
2574 vm_page_aflag_clear(m, PGA_WRITEABLE);
2579 * Create a pv entry for page at pa for
2583 pmap_insert_entry(pmap_t pmap, vm_offset_t va, vm_page_t m)
2587 rw_assert(&pvh_global_lock, RA_WLOCKED);
2588 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2589 pv = get_pv_entry(pmap, FALSE);
2591 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
2595 * Conditionally create a pv entry.
2598 pmap_try_insert_pv_entry(pmap_t pmap, vm_offset_t va, vm_page_t m)
2602 rw_assert(&pvh_global_lock, RA_WLOCKED);
2603 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2604 if (pv_entry_count < pv_entry_high_water &&
2605 (pv = get_pv_entry(pmap, TRUE)) != NULL) {
2607 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
2614 * Create the pv entries for each of the pages within a superpage.
2617 pmap_pv_insert_pde(pmap_t pmap, vm_offset_t va, vm_paddr_t pa)
2619 struct md_page *pvh;
2622 rw_assert(&pvh_global_lock, RA_WLOCKED);
2623 if (pv_entry_count < pv_entry_high_water &&
2624 (pv = get_pv_entry(pmap, TRUE)) != NULL) {
2626 pvh = pa_to_pvh(pa);
2627 TAILQ_INSERT_TAIL(&pvh->pv_list, pv, pv_list);
2634 * Fills a page table page with mappings to consecutive physical pages.
2637 pmap_fill_ptp(pt_entry_t *firstpte, pt_entry_t newpte)
2641 for (pte = firstpte; pte < firstpte + NPTEPG; pte++) {
2643 newpte += PAGE_SIZE;
2648 * Tries to demote a 2- or 4MB page mapping. If demotion fails, the
2649 * 2- or 4MB page mapping is invalidated.
2652 pmap_demote_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t va)
2654 pd_entry_t newpde, oldpde;
2655 pt_entry_t *firstpte, newpte;
2657 vm_page_t free, mpte;
2659 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2661 KASSERT((oldpde & (PG_PS | PG_V)) == (PG_PS | PG_V),
2662 ("pmap_demote_pde: oldpde is missing PG_PS and/or PG_V"));
2663 mpte = pmap_lookup_pt_page(pmap, va);
2665 pmap_remove_pt_page(pmap, mpte);
2667 KASSERT((oldpde & PG_W) == 0,
2668 ("pmap_demote_pde: page table page for a wired mapping"
2672 * Invalidate the 2- or 4MB page mapping and return
2673 * "failure" if the mapping was never accessed or the
2674 * allocation of the new page table page fails.
2676 if ((oldpde & PG_A) == 0 || (mpte = vm_page_alloc(NULL,
2677 va >> PDRSHIFT, VM_ALLOC_NOOBJ | VM_ALLOC_NORMAL |
2678 VM_ALLOC_WIRED)) == NULL) {
2680 pmap_remove_pde(pmap, pde, trunc_4mpage(va), &free);
2681 pmap_invalidate_page(pmap, trunc_4mpage(va));
2682 pmap_free_zero_pages(free);
2683 CTR2(KTR_PMAP, "pmap_demote_pde: failure for va %#x"
2684 " in pmap %p", va, pmap);
2687 if (va < VM_MAXUSER_ADDRESS)
2688 pmap->pm_stats.resident_count++;
2690 mptepa = VM_PAGE_TO_PHYS(mpte);
2693 * If the page mapping is in the kernel's address space, then the
2694 * KPTmap can provide access to the page table page. Otherwise,
2695 * temporarily map the page table page (mpte) into the kernel's
2696 * address space at either PADDR1 or PADDR2.
2699 firstpte = &KPTmap[i386_btop(trunc_4mpage(va))];
2700 else if (curthread->td_pinned > 0 && rw_wowned(&pvh_global_lock)) {
2701 if ((*PMAP1 & PG_FRAME) != mptepa) {
2702 *PMAP1 = mptepa | PG_RW | PG_V | PG_A | PG_M;
2704 PMAP1cpu = PCPU_GET(cpuid);
2710 if (PMAP1cpu != PCPU_GET(cpuid)) {
2711 PMAP1cpu = PCPU_GET(cpuid);
2719 mtx_lock(&PMAP2mutex);
2720 if ((*PMAP2 & PG_FRAME) != mptepa) {
2721 *PMAP2 = mptepa | PG_RW | PG_V | PG_A | PG_M;
2722 pmap_invalidate_page(kernel_pmap, (vm_offset_t)PADDR2);
2726 newpde = mptepa | PG_M | PG_A | (oldpde & PG_U) | PG_RW | PG_V;
2727 KASSERT((oldpde & PG_A) != 0,
2728 ("pmap_demote_pde: oldpde is missing PG_A"));
2729 KASSERT((oldpde & (PG_M | PG_RW)) != PG_RW,
2730 ("pmap_demote_pde: oldpde is missing PG_M"));
2731 newpte = oldpde & ~PG_PS;
2732 if ((newpte & PG_PDE_PAT) != 0)
2733 newpte ^= PG_PDE_PAT | PG_PTE_PAT;
2736 * If the page table page is new, initialize it.
2738 if (mpte->wire_count == 1) {
2739 mpte->wire_count = NPTEPG;
2740 pmap_fill_ptp(firstpte, newpte);
2742 KASSERT((*firstpte & PG_FRAME) == (newpte & PG_FRAME),
2743 ("pmap_demote_pde: firstpte and newpte map different physical"
2747 * If the mapping has changed attributes, update the page table
2750 if ((*firstpte & PG_PTE_PROMOTE) != (newpte & PG_PTE_PROMOTE))
2751 pmap_fill_ptp(firstpte, newpte);
2754 * Demote the mapping. This pmap is locked. The old PDE has
2755 * PG_A set. If the old PDE has PG_RW set, it also has PG_M
2756 * set. Thus, there is no danger of a race with another
2757 * processor changing the setting of PG_A and/or PG_M between
2758 * the read above and the store below.
2760 if (workaround_erratum383)
2761 pmap_update_pde(pmap, va, pde, newpde);
2762 else if (pmap == kernel_pmap)
2763 pmap_kenter_pde(va, newpde);
2765 pde_store(pde, newpde);
2766 if (firstpte == PADDR2)
2767 mtx_unlock(&PMAP2mutex);
2770 * Invalidate the recursive mapping of the page table page.
2772 pmap_invalidate_page(pmap, (vm_offset_t)vtopte(va));
2775 * Demote the pv entry. This depends on the earlier demotion
2776 * of the mapping. Specifically, the (re)creation of a per-
2777 * page pv entry might trigger the execution of pmap_collect(),
2778 * which might reclaim a newly (re)created per-page pv entry
2779 * and destroy the associated mapping. In order to destroy
2780 * the mapping, the PDE must have already changed from mapping
2781 * the 2mpage to referencing the page table page.
2783 if ((oldpde & PG_MANAGED) != 0)
2784 pmap_pv_demote_pde(pmap, va, oldpde & PG_PS_FRAME);
2786 pmap_pde_demotions++;
2787 CTR2(KTR_PMAP, "pmap_demote_pde: success for va %#x"
2788 " in pmap %p", va, pmap);
2793 * pmap_remove_pde: do the things to unmap a superpage in a process
2796 pmap_remove_pde(pmap_t pmap, pd_entry_t *pdq, vm_offset_t sva,
2799 struct md_page *pvh;
2801 vm_offset_t eva, va;
2804 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2805 KASSERT((sva & PDRMASK) == 0,
2806 ("pmap_remove_pde: sva is not 4mpage aligned"));
2807 oldpde = pte_load_clear(pdq);
2809 pmap->pm_stats.wired_count -= NBPDR / PAGE_SIZE;
2812 * Machines that don't support invlpg, also don't support
2816 pmap_invalidate_page(kernel_pmap, sva);
2817 pmap->pm_stats.resident_count -= NBPDR / PAGE_SIZE;
2818 if (oldpde & PG_MANAGED) {
2819 pvh = pa_to_pvh(oldpde & PG_PS_FRAME);
2820 pmap_pvh_free(pvh, pmap, sva);
2822 for (va = sva, m = PHYS_TO_VM_PAGE(oldpde & PG_PS_FRAME);
2823 va < eva; va += PAGE_SIZE, m++) {
2824 if ((oldpde & (PG_M | PG_RW)) == (PG_M | PG_RW))
2827 vm_page_aflag_set(m, PGA_REFERENCED);
2828 if (TAILQ_EMPTY(&m->md.pv_list) &&
2829 TAILQ_EMPTY(&pvh->pv_list))
2830 vm_page_aflag_clear(m, PGA_WRITEABLE);
2833 if (pmap == kernel_pmap) {
2834 if (!pmap_demote_pde(pmap, pdq, sva))
2835 panic("pmap_remove_pde: failed demotion");
2837 mpte = pmap_lookup_pt_page(pmap, sva);
2839 pmap_remove_pt_page(pmap, mpte);
2840 pmap->pm_stats.resident_count--;
2841 KASSERT(mpte->wire_count == NPTEPG,
2842 ("pmap_remove_pde: pte page wire count error"));
2843 mpte->wire_count = 0;
2844 pmap_add_delayed_free_list(mpte, free, FALSE);
2845 atomic_subtract_int(&cnt.v_wire_count, 1);
2851 * pmap_remove_pte: do the things to unmap a page in a process
2854 pmap_remove_pte(pmap_t pmap, pt_entry_t *ptq, vm_offset_t va, vm_page_t *free)
2859 rw_assert(&pvh_global_lock, RA_WLOCKED);
2860 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2861 oldpte = pte_load_clear(ptq);
2862 KASSERT(oldpte != 0,
2863 ("pmap_remove_pte: pmap %p va %x zero pte", pmap, va));
2865 pmap->pm_stats.wired_count -= 1;
2867 * Machines that don't support invlpg, also don't support
2871 pmap_invalidate_page(kernel_pmap, va);
2872 pmap->pm_stats.resident_count -= 1;
2873 if (oldpte & PG_MANAGED) {
2874 m = PHYS_TO_VM_PAGE(oldpte & PG_FRAME);
2875 if ((oldpte & (PG_M | PG_RW)) == (PG_M | PG_RW))
2878 vm_page_aflag_set(m, PGA_REFERENCED);
2879 pmap_remove_entry(pmap, m, va);
2881 return (pmap_unuse_pt(pmap, va, free));
2885 * Remove a single page from a process address space
2888 pmap_remove_page(pmap_t pmap, vm_offset_t va, vm_page_t *free)
2892 rw_assert(&pvh_global_lock, RA_WLOCKED);
2893 KASSERT(curthread->td_pinned > 0, ("curthread not pinned"));
2894 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
2895 if ((pte = pmap_pte_quick(pmap, va)) == NULL || *pte == 0)
2897 pmap_remove_pte(pmap, pte, va, free);
2898 pmap_invalidate_page(pmap, va);
2902 * Remove the given range of addresses from the specified map.
2904 * It is assumed that the start and end are properly
2905 * rounded to the page size.
2908 pmap_remove(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
2913 vm_page_t free = NULL;
2917 * Perform an unsynchronized read. This is, however, safe.
2919 if (pmap->pm_stats.resident_count == 0)
2924 rw_wlock(&pvh_global_lock);
2929 * special handling of removing one page. a very
2930 * common operation and easy to short circuit some
2933 if ((sva + PAGE_SIZE == eva) &&
2934 ((pmap->pm_pdir[(sva >> PDRSHIFT)] & PG_PS) == 0)) {
2935 pmap_remove_page(pmap, sva, &free);
2939 for (; sva < eva; sva = pdnxt) {
2943 * Calculate index for next page table.
2945 pdnxt = (sva + NBPDR) & ~PDRMASK;
2948 if (pmap->pm_stats.resident_count == 0)
2951 pdirindex = sva >> PDRSHIFT;
2952 ptpaddr = pmap->pm_pdir[pdirindex];
2955 * Weed out invalid mappings. Note: we assume that the page
2956 * directory table is always allocated, and in kernel virtual.
2962 * Check for large page.
2964 if ((ptpaddr & PG_PS) != 0) {
2966 * Are we removing the entire large page? If not,
2967 * demote the mapping and fall through.
2969 if (sva + NBPDR == pdnxt && eva >= pdnxt) {
2971 * The TLB entry for a PG_G mapping is
2972 * invalidated by pmap_remove_pde().
2974 if ((ptpaddr & PG_G) == 0)
2976 pmap_remove_pde(pmap,
2977 &pmap->pm_pdir[pdirindex], sva, &free);
2979 } else if (!pmap_demote_pde(pmap,
2980 &pmap->pm_pdir[pdirindex], sva)) {
2981 /* The large page mapping was destroyed. */
2987 * Limit our scan to either the end of the va represented
2988 * by the current page table page, or to the end of the
2989 * range being removed.
2994 for (pte = pmap_pte_quick(pmap, sva); sva != pdnxt; pte++,
3000 * The TLB entry for a PG_G mapping is invalidated
3001 * by pmap_remove_pte().
3003 if ((*pte & PG_G) == 0)
3005 if (pmap_remove_pte(pmap, pte, sva, &free))
3012 pmap_invalidate_all(pmap);
3013 rw_wunlock(&pvh_global_lock);
3015 pmap_free_zero_pages(free);
3019 * Routine: pmap_remove_all
3021 * Removes this physical page from
3022 * all physical maps in which it resides.
3023 * Reflects back modify bits to the pager.
3026 * Original versions of this routine were very
3027 * inefficient because they iteratively called
3028 * pmap_remove (slow...)
3032 pmap_remove_all(vm_page_t m)
3034 struct md_page *pvh;
3037 pt_entry_t *pte, tpte;
3042 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
3043 ("pmap_remove_all: page %p is not managed", m));
3045 rw_wlock(&pvh_global_lock);
3047 if ((m->flags & PG_FICTITIOUS) != 0)
3048 goto small_mappings;
3049 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
3050 while ((pv = TAILQ_FIRST(&pvh->pv_list)) != NULL) {
3054 pde = pmap_pde(pmap, va);
3055 (void)pmap_demote_pde(pmap, pde, va);
3059 while ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
3062 pmap->pm_stats.resident_count--;
3063 pde = pmap_pde(pmap, pv->pv_va);
3064 KASSERT((*pde & PG_PS) == 0, ("pmap_remove_all: found"
3065 " a 4mpage in page %p's pv list", m));
3066 pte = pmap_pte_quick(pmap, pv->pv_va);
3067 tpte = pte_load_clear(pte);
3068 KASSERT(tpte != 0, ("pmap_remove_all: pmap %p va %x zero pte",
3071 pmap->pm_stats.wired_count--;
3073 vm_page_aflag_set(m, PGA_REFERENCED);
3076 * Update the vm_page_t clean and reference bits.
3078 if ((tpte & (PG_M | PG_RW)) == (PG_M | PG_RW))
3080 pmap_unuse_pt(pmap, pv->pv_va, &free);
3081 pmap_invalidate_page(pmap, pv->pv_va);
3082 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
3083 free_pv_entry(pmap, pv);
3086 vm_page_aflag_clear(m, PGA_WRITEABLE);
3088 rw_wunlock(&pvh_global_lock);
3089 pmap_free_zero_pages(free);
3093 * pmap_protect_pde: do the things to protect a 4mpage in a process
3096 pmap_protect_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t sva, vm_prot_t prot)
3098 pd_entry_t newpde, oldpde;
3099 vm_offset_t eva, va;
3101 boolean_t anychanged;
3103 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3104 KASSERT((sva & PDRMASK) == 0,
3105 ("pmap_protect_pde: sva is not 4mpage aligned"));
3108 oldpde = newpde = *pde;
3109 if (oldpde & PG_MANAGED) {
3111 for (va = sva, m = PHYS_TO_VM_PAGE(oldpde & PG_PS_FRAME);
3112 va < eva; va += PAGE_SIZE, m++)
3113 if ((oldpde & (PG_M | PG_RW)) == (PG_M | PG_RW))
3116 if ((prot & VM_PROT_WRITE) == 0)
3117 newpde &= ~(PG_RW | PG_M);
3119 if ((prot & VM_PROT_EXECUTE) == 0)
3122 if (newpde != oldpde) {
3123 if (!pde_cmpset(pde, oldpde, newpde))
3126 pmap_invalidate_page(pmap, sva);
3130 return (anychanged);
3134 * Set the physical protection on the
3135 * specified range of this map as requested.
3138 pmap_protect(pmap_t pmap, vm_offset_t sva, vm_offset_t eva, vm_prot_t prot)
3143 boolean_t anychanged, pv_lists_locked;
3145 if ((prot & VM_PROT_READ) == VM_PROT_NONE) {
3146 pmap_remove(pmap, sva, eva);
3151 if ((prot & (VM_PROT_WRITE|VM_PROT_EXECUTE)) ==
3152 (VM_PROT_WRITE|VM_PROT_EXECUTE))
3155 if (prot & VM_PROT_WRITE)
3159 if (pmap_is_current(pmap))
3160 pv_lists_locked = FALSE;
3162 pv_lists_locked = TRUE;
3164 rw_wlock(&pvh_global_lock);
3170 for (; sva < eva; sva = pdnxt) {
3171 pt_entry_t obits, pbits;
3174 pdnxt = (sva + NBPDR) & ~PDRMASK;
3178 pdirindex = sva >> PDRSHIFT;
3179 ptpaddr = pmap->pm_pdir[pdirindex];
3182 * Weed out invalid mappings. Note: we assume that the page
3183 * directory table is always allocated, and in kernel virtual.
3189 * Check for large page.
3191 if ((ptpaddr & PG_PS) != 0) {
3193 * Are we protecting the entire large page? If not,
3194 * demote the mapping and fall through.
3196 if (sva + NBPDR == pdnxt && eva >= pdnxt) {
3198 * The TLB entry for a PG_G mapping is
3199 * invalidated by pmap_protect_pde().
3201 if (pmap_protect_pde(pmap,
3202 &pmap->pm_pdir[pdirindex], sva, prot))
3206 if (!pv_lists_locked) {
3207 pv_lists_locked = TRUE;
3208 if (!rw_try_wlock(&pvh_global_lock)) {
3210 pmap_invalidate_all(
3217 if (!pmap_demote_pde(pmap,
3218 &pmap->pm_pdir[pdirindex], sva)) {
3220 * The large page mapping was
3231 for (pte = pmap_pte_quick(pmap, sva); sva != pdnxt; pte++,
3237 * Regardless of whether a pte is 32 or 64 bits in
3238 * size, PG_RW, PG_A, and PG_M are among the least
3239 * significant 32 bits.
3241 obits = pbits = *pte;
3242 if ((pbits & PG_V) == 0)
3245 if ((prot & VM_PROT_WRITE) == 0) {
3246 if ((pbits & (PG_MANAGED | PG_M | PG_RW)) ==
3247 (PG_MANAGED | PG_M | PG_RW)) {
3248 m = PHYS_TO_VM_PAGE(pbits & PG_FRAME);
3251 pbits &= ~(PG_RW | PG_M);
3254 if ((prot & VM_PROT_EXECUTE) == 0)
3258 if (pbits != obits) {
3260 if (!atomic_cmpset_64(pte, obits, pbits))
3263 if (!atomic_cmpset_int((u_int *)pte, obits,
3268 pmap_invalidate_page(pmap, sva);
3275 pmap_invalidate_all(pmap);
3276 if (pv_lists_locked) {
3278 rw_wunlock(&pvh_global_lock);
3284 * Tries to promote the 512 or 1024, contiguous 4KB page mappings that are
3285 * within a single page table page (PTP) to a single 2- or 4MB page mapping.
3286 * For promotion to occur, two conditions must be met: (1) the 4KB page
3287 * mappings must map aligned, contiguous physical memory and (2) the 4KB page
3288 * mappings must have identical characteristics.
3290 * Managed (PG_MANAGED) mappings within the kernel address space are not
3291 * promoted. The reason is that kernel PDEs are replicated in each pmap but
3292 * pmap_clear_ptes() and pmap_ts_referenced() only read the PDE from the kernel
3296 pmap_promote_pde(pmap_t pmap, pd_entry_t *pde, vm_offset_t va)
3299 pt_entry_t *firstpte, oldpte, pa, *pte;
3300 vm_offset_t oldpteva;
3303 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3306 * Examine the first PTE in the specified PTP. Abort if this PTE is
3307 * either invalid, unused, or does not map the first 4KB physical page
3308 * within a 2- or 4MB page.
3310 firstpte = pmap_pte_quick(pmap, trunc_4mpage(va));
3313 if ((newpde & ((PG_FRAME & PDRMASK) | PG_A | PG_V)) != (PG_A | PG_V)) {
3314 pmap_pde_p_failures++;
3315 CTR2(KTR_PMAP, "pmap_promote_pde: failure for va %#x"
3316 " in pmap %p", va, pmap);
3319 if ((*firstpte & PG_MANAGED) != 0 && pmap == kernel_pmap) {
3320 pmap_pde_p_failures++;
3321 CTR2(KTR_PMAP, "pmap_promote_pde: failure for va %#x"
3322 " in pmap %p", va, pmap);
3325 if ((newpde & (PG_M | PG_RW)) == PG_RW) {
3327 * When PG_M is already clear, PG_RW can be cleared without
3328 * a TLB invalidation.
3330 if (!atomic_cmpset_int((u_int *)firstpte, newpde, newpde &
3337 * Examine each of the other PTEs in the specified PTP. Abort if this
3338 * PTE maps an unexpected 4KB physical page or does not have identical
3339 * characteristics to the first PTE.
3341 pa = (newpde & (PG_PS_FRAME | PG_A | PG_V)) + NBPDR - PAGE_SIZE;
3342 for (pte = firstpte + NPTEPG - 1; pte > firstpte; pte--) {
3345 if ((oldpte & (PG_FRAME | PG_A | PG_V)) != pa) {
3346 pmap_pde_p_failures++;
3347 CTR2(KTR_PMAP, "pmap_promote_pde: failure for va %#x"
3348 " in pmap %p", va, pmap);
3351 if ((oldpte & (PG_M | PG_RW)) == PG_RW) {
3353 * When PG_M is already clear, PG_RW can be cleared
3354 * without a TLB invalidation.
3356 if (!atomic_cmpset_int((u_int *)pte, oldpte,
3360 oldpteva = (oldpte & PG_FRAME & PDRMASK) |
3362 CTR2(KTR_PMAP, "pmap_promote_pde: protect for va %#x"
3363 " in pmap %p", oldpteva, pmap);
3365 if ((oldpte & PG_PTE_PROMOTE) != (newpde & PG_PTE_PROMOTE)) {
3366 pmap_pde_p_failures++;
3367 CTR2(KTR_PMAP, "pmap_promote_pde: failure for va %#x"
3368 " in pmap %p", va, pmap);
3375 * Save the page table page in its current state until the PDE
3376 * mapping the superpage is demoted by pmap_demote_pde() or
3377 * destroyed by pmap_remove_pde().
3379 mpte = PHYS_TO_VM_PAGE(*pde & PG_FRAME);
3380 KASSERT(mpte >= vm_page_array &&
3381 mpte < &vm_page_array[vm_page_array_size],
3382 ("pmap_promote_pde: page table page is out of range"));
3383 KASSERT(mpte->pindex == va >> PDRSHIFT,
3384 ("pmap_promote_pde: page table page's pindex is wrong"));
3385 pmap_insert_pt_page(pmap, mpte);
3388 * Promote the pv entries.
3390 if ((newpde & PG_MANAGED) != 0)
3391 pmap_pv_promote_pde(pmap, va, newpde & PG_PS_FRAME);
3394 * Propagate the PAT index to its proper position.
3396 if ((newpde & PG_PTE_PAT) != 0)
3397 newpde ^= PG_PDE_PAT | PG_PTE_PAT;
3400 * Map the superpage.
3402 if (workaround_erratum383)
3403 pmap_update_pde(pmap, va, pde, PG_PS | newpde);
3404 else if (pmap == kernel_pmap)
3405 pmap_kenter_pde(va, PG_PS | newpde);
3407 pde_store(pde, PG_PS | newpde);
3409 pmap_pde_promotions++;
3410 CTR2(KTR_PMAP, "pmap_promote_pde: success for va %#x"
3411 " in pmap %p", va, pmap);
3415 * Insert the given physical page (p) at
3416 * the specified virtual address (v) in the
3417 * target physical map with the protection requested.
3419 * If specified, the page will be wired down, meaning
3420 * that the related pte can not be reclaimed.
3422 * NB: This is the only routine which MAY NOT lazy-evaluate
3423 * or lose information. That is, this routine must actually
3424 * insert this page into the given map NOW.
3427 pmap_enter(pmap_t pmap, vm_offset_t va, vm_prot_t access, vm_page_t m,
3428 vm_prot_t prot, boolean_t wired)
3432 pt_entry_t newpte, origpte;
3438 va = trunc_page(va);
3439 KASSERT(va <= VM_MAX_KERNEL_ADDRESS, ("pmap_enter: toobig"));
3440 KASSERT(va < UPT_MIN_ADDRESS || va >= UPT_MAX_ADDRESS,
3441 ("pmap_enter: invalid to pmap_enter page table pages (va: 0x%x)",
3443 KASSERT((m->oflags & (VPO_UNMANAGED | VPO_BUSY)) != 0 ||
3444 VM_OBJECT_LOCKED(m->object),
3445 ("pmap_enter: page %p is not busy", m));
3449 rw_wlock(&pvh_global_lock);
3454 * In the case that a page table page is not
3455 * resident, we are creating it here.
3457 if (va < VM_MAXUSER_ADDRESS) {
3458 mpte = pmap_allocpte(pmap, va, M_WAITOK);
3461 pde = pmap_pde(pmap, va);
3462 if ((*pde & PG_PS) != 0)
3463 panic("pmap_enter: attempted pmap_enter on 4MB page");
3464 pte = pmap_pte_quick(pmap, va);
3467 * Page Directory table entry not valid, we need a new PT page
3470 panic("pmap_enter: invalid page directory pdir=%#jx, va=%#x",
3471 (uintmax_t)pmap->pm_pdir[PTDPTDI], va);
3474 pa = VM_PAGE_TO_PHYS(m);
3477 opa = origpte & PG_FRAME;
3480 * Mapping has not changed, must be protection or wiring change.
3482 if (origpte && (opa == pa)) {
3484 * Wiring change, just update stats. We don't worry about
3485 * wiring PT pages as they remain resident as long as there
3486 * are valid mappings in them. Hence, if a user page is wired,
3487 * the PT page will be also.
3489 if (wired && ((origpte & PG_W) == 0))
3490 pmap->pm_stats.wired_count++;
3491 else if (!wired && (origpte & PG_W))
3492 pmap->pm_stats.wired_count--;
3495 * Remove extra pte reference
3500 if (origpte & PG_MANAGED) {
3510 * Mapping has changed, invalidate old range and fall through to
3511 * handle validating new mapping.
3515 pmap->pm_stats.wired_count--;
3516 if (origpte & PG_MANAGED) {
3517 om = PHYS_TO_VM_PAGE(opa);
3518 pv = pmap_pvh_remove(&om->md, pmap, va);
3522 KASSERT(mpte->wire_count > 0,
3523 ("pmap_enter: missing reference to page table page,"
3527 pmap->pm_stats.resident_count++;
3530 * Enter on the PV list if part of our managed memory.
3532 if ((m->oflags & VPO_UNMANAGED) == 0) {
3533 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva,
3534 ("pmap_enter: managed mapping within the clean submap"));
3536 pv = get_pv_entry(pmap, FALSE);
3538 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
3540 } else if (pv != NULL)
3541 free_pv_entry(pmap, pv);
3544 * Increment counters
3547 pmap->pm_stats.wired_count++;
3551 * Now validate mapping with desired protection/wiring.
3553 newpte = (pt_entry_t)(pa | pmap_cache_bits(m->md.pat_mode, 0) | PG_V);
3554 if ((prot & VM_PROT_WRITE) != 0) {
3556 if ((newpte & PG_MANAGED) != 0)
3557 vm_page_aflag_set(m, PGA_WRITEABLE);
3560 if ((prot & VM_PROT_EXECUTE) == 0)
3565 if (va < VM_MAXUSER_ADDRESS)
3567 if (pmap == kernel_pmap)
3571 * if the mapping or permission bits are different, we need
3572 * to update the pte.
3574 if ((origpte & ~(PG_M|PG_A)) != newpte) {
3576 if ((access & VM_PROT_WRITE) != 0)
3578 if (origpte & PG_V) {
3580 origpte = pte_load_store(pte, newpte);
3581 if (origpte & PG_A) {
3582 if (origpte & PG_MANAGED)
3583 vm_page_aflag_set(om, PGA_REFERENCED);
3584 if (opa != VM_PAGE_TO_PHYS(m))
3587 if ((origpte & PG_NX) == 0 &&
3588 (newpte & PG_NX) != 0)
3592 if ((origpte & (PG_M | PG_RW)) == (PG_M | PG_RW)) {
3593 if ((origpte & PG_MANAGED) != 0)
3595 if ((prot & VM_PROT_WRITE) == 0)
3598 if ((origpte & PG_MANAGED) != 0 &&
3599 TAILQ_EMPTY(&om->md.pv_list) &&
3600 ((om->flags & PG_FICTITIOUS) != 0 ||
3601 TAILQ_EMPTY(&pa_to_pvh(opa)->pv_list)))
3602 vm_page_aflag_clear(om, PGA_WRITEABLE);
3604 pmap_invalidate_page(pmap, va);
3606 pte_store(pte, newpte);
3610 * If both the page table page and the reservation are fully
3611 * populated, then attempt promotion.
3613 if ((mpte == NULL || mpte->wire_count == NPTEPG) &&
3614 pg_ps_enabled && (m->flags & PG_FICTITIOUS) == 0 &&
3615 vm_reserv_level_iffullpop(m) == 0)
3616 pmap_promote_pde(pmap, pde, va);
3619 rw_wunlock(&pvh_global_lock);
3624 * Tries to create a 2- or 4MB page mapping. Returns TRUE if successful and
3625 * FALSE otherwise. Fails if (1) a page table page cannot be allocated without
3626 * blocking, (2) a mapping already exists at the specified virtual address, or
3627 * (3) a pv entry cannot be allocated without reclaiming another pv entry.
3630 pmap_enter_pde(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
3632 pd_entry_t *pde, newpde;
3634 rw_assert(&pvh_global_lock, RA_WLOCKED);
3635 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3636 pde = pmap_pde(pmap, va);
3638 CTR2(KTR_PMAP, "pmap_enter_pde: failure for va %#lx"
3639 " in pmap %p", va, pmap);
3642 newpde = VM_PAGE_TO_PHYS(m) | pmap_cache_bits(m->md.pat_mode, 1) |
3644 if ((m->oflags & VPO_UNMANAGED) == 0) {
3645 newpde |= PG_MANAGED;
3648 * Abort this mapping if its PV entry could not be created.
3650 if (!pmap_pv_insert_pde(pmap, va, VM_PAGE_TO_PHYS(m))) {
3651 CTR2(KTR_PMAP, "pmap_enter_pde: failure for va %#lx"
3652 " in pmap %p", va, pmap);
3657 if ((prot & VM_PROT_EXECUTE) == 0)
3660 if (va < VM_MAXUSER_ADDRESS)
3664 * Increment counters.
3666 pmap->pm_stats.resident_count += NBPDR / PAGE_SIZE;
3669 * Map the superpage.
3671 pde_store(pde, newpde);
3673 pmap_pde_mappings++;
3674 CTR2(KTR_PMAP, "pmap_enter_pde: success for va %#lx"
3675 " in pmap %p", va, pmap);
3680 * Maps a sequence of resident pages belonging to the same object.
3681 * The sequence begins with the given page m_start. This page is
3682 * mapped at the given virtual address start. Each subsequent page is
3683 * mapped at a virtual address that is offset from start by the same
3684 * amount as the page is offset from m_start within the object. The
3685 * last page in the sequence is the page with the largest offset from
3686 * m_start that can be mapped at a virtual address less than the given
3687 * virtual address end. Not every virtual page between start and end
3688 * is mapped; only those for which a resident page exists with the
3689 * corresponding offset from m_start are mapped.
3692 pmap_enter_object(pmap_t pmap, vm_offset_t start, vm_offset_t end,
3693 vm_page_t m_start, vm_prot_t prot)
3697 vm_pindex_t diff, psize;
3699 VM_OBJECT_LOCK_ASSERT(m_start->object, MA_OWNED);
3700 psize = atop(end - start);
3703 rw_wlock(&pvh_global_lock);
3705 while (m != NULL && (diff = m->pindex - m_start->pindex) < psize) {
3706 va = start + ptoa(diff);
3707 if ((va & PDRMASK) == 0 && va + NBPDR <= end &&
3708 (VM_PAGE_TO_PHYS(m) & PDRMASK) == 0 &&
3709 pg_ps_enabled && vm_reserv_level_iffullpop(m) == 0 &&
3710 pmap_enter_pde(pmap, va, m, prot))
3711 m = &m[NBPDR / PAGE_SIZE - 1];
3713 mpte = pmap_enter_quick_locked(pmap, va, m, prot,
3715 m = TAILQ_NEXT(m, listq);
3717 rw_wunlock(&pvh_global_lock);
3722 * this code makes some *MAJOR* assumptions:
3723 * 1. Current pmap & pmap exists.
3726 * 4. No page table pages.
3727 * but is *MUCH* faster than pmap_enter...
3731 pmap_enter_quick(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot)
3734 rw_wlock(&pvh_global_lock);
3736 (void)pmap_enter_quick_locked(pmap, va, m, prot, NULL);
3737 rw_wunlock(&pvh_global_lock);
3742 pmap_enter_quick_locked(pmap_t pmap, vm_offset_t va, vm_page_t m,
3743 vm_prot_t prot, vm_page_t mpte)
3749 KASSERT(va < kmi.clean_sva || va >= kmi.clean_eva ||
3750 (m->oflags & VPO_UNMANAGED) != 0,
3751 ("pmap_enter_quick_locked: managed mapping within the clean submap"));
3752 rw_assert(&pvh_global_lock, RA_WLOCKED);
3753 PMAP_LOCK_ASSERT(pmap, MA_OWNED);
3756 * In the case that a page table page is not
3757 * resident, we are creating it here.
3759 if (va < VM_MAXUSER_ADDRESS) {
3764 * Calculate pagetable page index
3766 ptepindex = va >> PDRSHIFT;
3767 if (mpte && (mpte->pindex == ptepindex)) {
3771 * Get the page directory entry
3773 ptepa = pmap->pm_pdir[ptepindex];
3776 * If the page table page is mapped, we just increment
3777 * the hold count, and activate it.
3782 mpte = PHYS_TO_VM_PAGE(ptepa & PG_FRAME);
3785 mpte = _pmap_allocpte(pmap, ptepindex,
3796 * This call to vtopte makes the assumption that we are
3797 * entering the page into the current pmap. In order to support
3798 * quick entry into any pmap, one would likely use pmap_pte_quick.
3799 * But that isn't as quick as vtopte.
3811 * Enter on the PV list if part of our managed memory.
3813 if ((m->oflags & VPO_UNMANAGED) == 0 &&
3814 !pmap_try_insert_pv_entry(pmap, va, m)) {
3817 if (pmap_unwire_ptp(pmap, mpte, &free)) {
3818 pmap_invalidate_page(pmap, va);
3819 pmap_free_zero_pages(free);
3828 * Increment counters
3830 pmap->pm_stats.resident_count++;
3832 pa = VM_PAGE_TO_PHYS(m) | pmap_cache_bits(m->md.pat_mode, 0);
3834 if ((prot & VM_PROT_EXECUTE) == 0)
3839 * Now validate mapping with RO protection
3841 if ((m->oflags & VPO_UNMANAGED) != 0)
3842 pte_store(pte, pa | PG_V | PG_U);
3844 pte_store(pte, pa | PG_V | PG_U | PG_MANAGED);
3849 * Make a temporary mapping for a physical address. This is only intended
3850 * to be used for panic dumps.
3853 pmap_kenter_temporary(vm_paddr_t pa, int i)
3857 va = (vm_offset_t)crashdumpmap + (i * PAGE_SIZE);
3858 pmap_kenter(va, pa);
3860 return ((void *)crashdumpmap);
3864 * This code maps large physical mmap regions into the
3865 * processor address space. Note that some shortcuts
3866 * are taken, but the code works.
3869 pmap_object_init_pt(pmap_t pmap, vm_offset_t addr, vm_object_t object,
3870 vm_pindex_t pindex, vm_size_t size)
3873 vm_paddr_t pa, ptepa;
3877 VM_OBJECT_LOCK_ASSERT(object, MA_OWNED);
3878 KASSERT(object->type == OBJT_DEVICE || object->type == OBJT_SG,
3879 ("pmap_object_init_pt: non-device object"));
3881 (addr & (NBPDR - 1)) == 0 && (size & (NBPDR - 1)) == 0) {
3882 if (!vm_object_populate(object, pindex, pindex + atop(size)))
3884 p = vm_page_lookup(object, pindex);
3885 KASSERT(p->valid == VM_PAGE_BITS_ALL,
3886 ("pmap_object_init_pt: invalid page %p", p));
3887 pat_mode = p->md.pat_mode;
3890 * Abort the mapping if the first page is not physically
3891 * aligned to a 2/4MB page boundary.
3893 ptepa = VM_PAGE_TO_PHYS(p);
3894 if (ptepa & (NBPDR - 1))
3898 * Skip the first page. Abort the mapping if the rest of
3899 * the pages are not physically contiguous or have differing
3900 * memory attributes.
3902 p = TAILQ_NEXT(p, listq);
3903 for (pa = ptepa + PAGE_SIZE; pa < ptepa + size;
3905 KASSERT(p->valid == VM_PAGE_BITS_ALL,
3906 ("pmap_object_init_pt: invalid page %p", p));
3907 if (pa != VM_PAGE_TO_PHYS(p) ||
3908 pat_mode != p->md.pat_mode)
3910 p = TAILQ_NEXT(p, listq);
3914 * Map using 2/4MB pages. Since "ptepa" is 2/4M aligned and
3915 * "size" is a multiple of 2/4M, adding the PAT setting to
3916 * "pa" will not affect the termination of this loop.
3919 for (pa = ptepa | pmap_cache_bits(pat_mode, 1); pa < ptepa +
3920 size; pa += NBPDR) {
3921 pde = pmap_pde(pmap, addr);
3923 pde_store(pde, pa | PG_PS | PG_M | PG_A |
3924 PG_U | PG_RW | PG_V);
3925 pmap->pm_stats.resident_count += NBPDR /
3927 pmap_pde_mappings++;
3929 /* Else continue on if the PDE is already valid. */
3937 * Routine: pmap_change_wiring
3938 * Function: Change the wiring attribute for a map/virtual-address
3940 * In/out conditions:
3941 * The mapping must already exist in the pmap.
3944 pmap_change_wiring(pmap_t pmap, vm_offset_t va, boolean_t wired)
3948 boolean_t are_queues_locked;
3950 are_queues_locked = FALSE;
3953 pde = pmap_pde(pmap, va);
3954 if ((*pde & PG_PS) != 0) {
3955 if (!wired != ((*pde & PG_W) == 0)) {
3956 if (!are_queues_locked) {
3957 are_queues_locked = TRUE;
3958 if (!rw_try_wlock(&pvh_global_lock)) {
3960 rw_wlock(&pvh_global_lock);
3964 if (!pmap_demote_pde(pmap, pde, va))
3965 panic("pmap_change_wiring: demotion failed");
3969 pte = pmap_pte(pmap, va);
3971 if (wired && !pmap_pte_w(pte))
3972 pmap->pm_stats.wired_count++;
3973 else if (!wired && pmap_pte_w(pte))
3974 pmap->pm_stats.wired_count--;
3977 * Wiring is not a hardware characteristic so there is no need to
3980 pmap_pte_set_w(pte, wired);
3981 pmap_pte_release(pte);
3983 if (are_queues_locked)
3984 rw_wunlock(&pvh_global_lock);
3991 * Copy the range specified by src_addr/len
3992 * from the source map to the range dst_addr/len
3993 * in the destination map.
3995 * This routine is only advisory and need not do anything.
3999 pmap_copy(pmap_t dst_pmap, pmap_t src_pmap, vm_offset_t dst_addr, vm_size_t len,
4000 vm_offset_t src_addr)
4004 vm_offset_t end_addr = src_addr + len;
4007 if (dst_addr != src_addr)
4010 if (!pmap_is_current(src_pmap))
4013 rw_wlock(&pvh_global_lock);
4014 if (dst_pmap < src_pmap) {
4015 PMAP_LOCK(dst_pmap);
4016 PMAP_LOCK(src_pmap);
4018 PMAP_LOCK(src_pmap);
4019 PMAP_LOCK(dst_pmap);
4022 for (addr = src_addr; addr < end_addr; addr = pdnxt) {
4023 pt_entry_t *src_pte, *dst_pte;
4024 vm_page_t dstmpte, srcmpte;
4025 pd_entry_t srcptepaddr;
4028 KASSERT(addr < UPT_MIN_ADDRESS,
4029 ("pmap_copy: invalid to pmap_copy page tables"));
4031 pdnxt = (addr + NBPDR) & ~PDRMASK;
4034 ptepindex = addr >> PDRSHIFT;
4036 srcptepaddr = src_pmap->pm_pdir[ptepindex];
4037 if (srcptepaddr == 0)
4040 if (srcptepaddr & PG_PS) {
4041 if (dst_pmap->pm_pdir[ptepindex] == 0 &&
4042 ((srcptepaddr & PG_MANAGED) == 0 ||
4043 pmap_pv_insert_pde(dst_pmap, addr, srcptepaddr &
4045 dst_pmap->pm_pdir[ptepindex] = srcptepaddr &
4047 dst_pmap->pm_stats.resident_count +=
4053 srcmpte = PHYS_TO_VM_PAGE(srcptepaddr & PG_FRAME);
4054 KASSERT(srcmpte->wire_count > 0,
4055 ("pmap_copy: source page table page is unused"));
4057 if (pdnxt > end_addr)
4060 src_pte = vtopte(addr);
4061 while (addr < pdnxt) {
4065 * we only virtual copy managed pages
4067 if ((ptetemp & PG_MANAGED) != 0) {
4068 dstmpte = pmap_allocpte(dst_pmap, addr,
4070 if (dstmpte == NULL)
4072 dst_pte = pmap_pte_quick(dst_pmap, addr);
4073 if (*dst_pte == 0 &&
4074 pmap_try_insert_pv_entry(dst_pmap, addr,
4075 PHYS_TO_VM_PAGE(ptetemp & PG_FRAME))) {
4077 * Clear the wired, modified, and
4078 * accessed (referenced) bits
4081 *dst_pte = ptetemp & ~(PG_W | PG_M |
4083 dst_pmap->pm_stats.resident_count++;
4086 if (pmap_unwire_ptp(dst_pmap, dstmpte,
4088 pmap_invalidate_page(dst_pmap,
4090 pmap_free_zero_pages(free);
4094 if (dstmpte->wire_count >= srcmpte->wire_count)
4103 rw_wunlock(&pvh_global_lock);
4104 PMAP_UNLOCK(src_pmap);
4105 PMAP_UNLOCK(dst_pmap);
4108 static __inline void
4109 pagezero(void *page)
4111 #if defined(I686_CPU)
4112 if (cpu_class == CPUCLASS_686) {
4113 #if defined(CPU_ENABLE_SSE)
4114 if (cpu_feature & CPUID_SSE2)
4115 sse2_pagezero(page);
4118 i686_pagezero(page);
4121 bzero(page, PAGE_SIZE);
4125 * pmap_zero_page zeros the specified hardware page by mapping
4126 * the page into KVM and using bzero to clear its contents.
4129 pmap_zero_page(vm_page_t m)
4131 struct sysmaps *sysmaps;
4133 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
4134 mtx_lock(&sysmaps->lock);
4135 if (*sysmaps->CMAP2)
4136 panic("pmap_zero_page: CMAP2 busy");
4138 *sysmaps->CMAP2 = PG_V | PG_RW | VM_PAGE_TO_PHYS(m) | PG_A | PG_M |
4139 pmap_cache_bits(m->md.pat_mode, 0);
4140 invlcaddr(sysmaps->CADDR2);
4141 pagezero(sysmaps->CADDR2);
4142 *sysmaps->CMAP2 = 0;
4144 mtx_unlock(&sysmaps->lock);
4148 * pmap_zero_page_area zeros the specified hardware page by mapping
4149 * the page into KVM and using bzero to clear its contents.
4151 * off and size may not cover an area beyond a single hardware page.
4154 pmap_zero_page_area(vm_page_t m, int off, int size)
4156 struct sysmaps *sysmaps;
4158 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
4159 mtx_lock(&sysmaps->lock);
4160 if (*sysmaps->CMAP2)
4161 panic("pmap_zero_page_area: CMAP2 busy");
4163 *sysmaps->CMAP2 = PG_V | PG_RW | VM_PAGE_TO_PHYS(m) | PG_A | PG_M |
4164 pmap_cache_bits(m->md.pat_mode, 0);
4165 invlcaddr(sysmaps->CADDR2);
4166 if (off == 0 && size == PAGE_SIZE)
4167 pagezero(sysmaps->CADDR2);
4169 bzero((char *)sysmaps->CADDR2 + off, size);
4170 *sysmaps->CMAP2 = 0;
4172 mtx_unlock(&sysmaps->lock);
4176 * pmap_zero_page_idle zeros the specified hardware page by mapping
4177 * the page into KVM and using bzero to clear its contents. This
4178 * is intended to be called from the vm_pagezero process only and
4182 pmap_zero_page_idle(vm_page_t m)
4186 panic("pmap_zero_page_idle: CMAP3 busy");
4188 *CMAP3 = PG_V | PG_RW | VM_PAGE_TO_PHYS(m) | PG_A | PG_M |
4189 pmap_cache_bits(m->md.pat_mode, 0);
4197 * pmap_copy_page copies the specified (machine independent)
4198 * page by mapping the page into virtual memory and using
4199 * bcopy to copy the page, one machine dependent page at a
4203 pmap_copy_page(vm_page_t src, vm_page_t dst)
4205 struct sysmaps *sysmaps;
4207 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
4208 mtx_lock(&sysmaps->lock);
4209 if (*sysmaps->CMAP1)
4210 panic("pmap_copy_page: CMAP1 busy");
4211 if (*sysmaps->CMAP2)
4212 panic("pmap_copy_page: CMAP2 busy");
4214 invlpg((u_int)sysmaps->CADDR1);
4215 invlpg((u_int)sysmaps->CADDR2);
4216 *sysmaps->CMAP1 = PG_V | VM_PAGE_TO_PHYS(src) | PG_A |
4217 pmap_cache_bits(src->md.pat_mode, 0);
4218 *sysmaps->CMAP2 = PG_V | PG_RW | VM_PAGE_TO_PHYS(dst) | PG_A | PG_M |
4219 pmap_cache_bits(dst->md.pat_mode, 0);
4220 bcopy(sysmaps->CADDR1, sysmaps->CADDR2, PAGE_SIZE);
4221 *sysmaps->CMAP1 = 0;
4222 *sysmaps->CMAP2 = 0;
4224 mtx_unlock(&sysmaps->lock);
4228 * Returns true if the pmap's pv is one of the first
4229 * 16 pvs linked to from this page. This count may
4230 * be changed upwards or downwards in the future; it
4231 * is only necessary that true be returned for a small
4232 * subset of pmaps for proper page aging.
4235 pmap_page_exists_quick(pmap_t pmap, vm_page_t m)
4237 struct md_page *pvh;
4242 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4243 ("pmap_page_exists_quick: page %p is not managed", m));
4245 rw_wlock(&pvh_global_lock);
4246 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
4247 if (PV_PMAP(pv) == pmap) {
4255 if (!rv && loops < 16 && (m->flags & PG_FICTITIOUS) == 0) {
4256 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4257 TAILQ_FOREACH(pv, &pvh->pv_list, pv_list) {
4258 if (PV_PMAP(pv) == pmap) {
4267 rw_wunlock(&pvh_global_lock);
4272 * pmap_page_wired_mappings:
4274 * Return the number of managed mappings to the given physical page
4278 pmap_page_wired_mappings(vm_page_t m)
4283 if ((m->oflags & VPO_UNMANAGED) != 0)
4285 rw_wlock(&pvh_global_lock);
4286 count = pmap_pvh_wired_mappings(&m->md, count);
4287 if ((m->flags & PG_FICTITIOUS) == 0) {
4288 count = pmap_pvh_wired_mappings(pa_to_pvh(VM_PAGE_TO_PHYS(m)),
4291 rw_wunlock(&pvh_global_lock);
4296 * pmap_pvh_wired_mappings:
4298 * Return the updated number "count" of managed mappings that are wired.
4301 pmap_pvh_wired_mappings(struct md_page *pvh, int count)
4307 rw_assert(&pvh_global_lock, RA_WLOCKED);
4309 TAILQ_FOREACH(pv, &pvh->pv_list, pv_list) {
4312 pte = pmap_pte_quick(pmap, pv->pv_va);
4313 if ((*pte & PG_W) != 0)
4322 * Returns TRUE if the given page is mapped individually or as part of
4323 * a 4mpage. Otherwise, returns FALSE.
4326 pmap_page_is_mapped(vm_page_t m)
4330 if ((m->oflags & VPO_UNMANAGED) != 0)
4332 rw_wlock(&pvh_global_lock);
4333 rv = !TAILQ_EMPTY(&m->md.pv_list) ||
4334 ((m->flags & PG_FICTITIOUS) == 0 &&
4335 !TAILQ_EMPTY(&pa_to_pvh(VM_PAGE_TO_PHYS(m))->pv_list));
4336 rw_wunlock(&pvh_global_lock);
4341 * Remove all pages from specified address space
4342 * this aids process exit speeds. Also, this code
4343 * is special cased for current process only, but
4344 * can have the more generic (and slightly slower)
4345 * mode enabled. This is much faster than pmap_remove
4346 * in the case of running down an entire address space.
4349 pmap_remove_pages(pmap_t pmap)
4351 pt_entry_t *pte, tpte;
4352 vm_page_t free = NULL;
4353 vm_page_t m, mpte, mt;
4355 struct md_page *pvh;
4356 struct pv_chunk *pc, *npc;
4359 uint32_t inuse, bitmask;
4362 if (pmap != PCPU_GET(curpmap)) {
4363 printf("warning: pmap_remove_pages called with non-current pmap\n");
4366 rw_wlock(&pvh_global_lock);
4369 TAILQ_FOREACH_SAFE(pc, &pmap->pm_pvchunk, pc_list, npc) {
4370 KASSERT(pc->pc_pmap == pmap, ("Wrong pmap %p %p", pmap,
4373 for (field = 0; field < _NPCM; field++) {
4374 inuse = ~pc->pc_map[field] & pc_freemask[field];
4375 while (inuse != 0) {
4377 bitmask = 1UL << bit;
4378 idx = field * 32 + bit;
4379 pv = &pc->pc_pventry[idx];
4382 pte = pmap_pde(pmap, pv->pv_va);
4384 if ((tpte & PG_PS) == 0) {
4385 pte = vtopte(pv->pv_va);
4386 tpte = *pte & ~PG_PTE_PAT;
4391 "TPTE at %p IS ZERO @ VA %08x\n",
4397 * We cannot remove wired pages from a process' mapping at this time
4404 m = PHYS_TO_VM_PAGE(tpte & PG_FRAME);
4405 KASSERT(m->phys_addr == (tpte & PG_FRAME),
4406 ("vm_page_t %p phys_addr mismatch %016jx %016jx",
4407 m, (uintmax_t)m->phys_addr,
4410 KASSERT((m->flags & PG_FICTITIOUS) != 0 ||
4411 m < &vm_page_array[vm_page_array_size],
4412 ("pmap_remove_pages: bad tpte %#jx",
4418 * Update the vm_page_t clean/reference bits.
4420 if ((tpte & (PG_M | PG_RW)) == (PG_M | PG_RW)) {
4421 if ((tpte & PG_PS) != 0) {
4422 for (mt = m; mt < &m[NBPDR / PAGE_SIZE]; mt++)
4429 PV_STAT(pv_entry_frees++);
4430 PV_STAT(pv_entry_spare++);
4432 pc->pc_map[field] |= bitmask;
4433 if ((tpte & PG_PS) != 0) {
4434 pmap->pm_stats.resident_count -= NBPDR / PAGE_SIZE;
4435 pvh = pa_to_pvh(tpte & PG_PS_FRAME);
4436 TAILQ_REMOVE(&pvh->pv_list, pv, pv_list);
4437 if (TAILQ_EMPTY(&pvh->pv_list)) {
4438 for (mt = m; mt < &m[NBPDR / PAGE_SIZE]; mt++)
4439 if (TAILQ_EMPTY(&mt->md.pv_list))
4440 vm_page_aflag_clear(mt, PGA_WRITEABLE);
4442 mpte = pmap_lookup_pt_page(pmap, pv->pv_va);
4444 pmap_remove_pt_page(pmap, mpte);
4445 pmap->pm_stats.resident_count--;
4446 KASSERT(mpte->wire_count == NPTEPG,
4447 ("pmap_remove_pages: pte page wire count error"));
4448 mpte->wire_count = 0;
4449 pmap_add_delayed_free_list(mpte, &free, FALSE);
4450 atomic_subtract_int(&cnt.v_wire_count, 1);
4453 pmap->pm_stats.resident_count--;
4454 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
4455 if (TAILQ_EMPTY(&m->md.pv_list) &&
4456 (m->flags & PG_FICTITIOUS) == 0) {
4457 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4458 if (TAILQ_EMPTY(&pvh->pv_list))
4459 vm_page_aflag_clear(m, PGA_WRITEABLE);
4461 pmap_unuse_pt(pmap, pv->pv_va, &free);
4466 TAILQ_REMOVE(&pmap->pm_pvchunk, pc, pc_list);
4471 pmap_invalidate_all(pmap);
4472 rw_wunlock(&pvh_global_lock);
4474 pmap_free_zero_pages(free);
4480 * Return whether or not the specified physical page was modified
4481 * in any physical maps.
4484 pmap_is_modified(vm_page_t m)
4488 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4489 ("pmap_is_modified: page %p is not managed", m));
4492 * If the page is not VPO_BUSY, then PGA_WRITEABLE cannot be
4493 * concurrently set while the object is locked. Thus, if PGA_WRITEABLE
4494 * is clear, no PTEs can have PG_M set.
4496 VM_OBJECT_LOCK_ASSERT(m->object, MA_OWNED);
4497 if ((m->oflags & VPO_BUSY) == 0 &&
4498 (m->aflags & PGA_WRITEABLE) == 0)
4500 rw_wlock(&pvh_global_lock);
4501 rv = pmap_is_modified_pvh(&m->md) ||
4502 ((m->flags & PG_FICTITIOUS) == 0 &&
4503 pmap_is_modified_pvh(pa_to_pvh(VM_PAGE_TO_PHYS(m))));
4504 rw_wunlock(&pvh_global_lock);
4509 * Returns TRUE if any of the given mappings were used to modify
4510 * physical memory. Otherwise, returns FALSE. Both page and 2mpage
4511 * mappings are supported.
4514 pmap_is_modified_pvh(struct md_page *pvh)
4521 rw_assert(&pvh_global_lock, RA_WLOCKED);
4524 TAILQ_FOREACH(pv, &pvh->pv_list, pv_list) {
4527 pte = pmap_pte_quick(pmap, pv->pv_va);
4528 rv = (*pte & (PG_M | PG_RW)) == (PG_M | PG_RW);
4538 * pmap_is_prefaultable:
4540 * Return whether or not the specified virtual address is elgible
4544 pmap_is_prefaultable(pmap_t pmap, vm_offset_t addr)
4552 pde = pmap_pde(pmap, addr);
4553 if (*pde != 0 && (*pde & PG_PS) == 0) {
4562 * pmap_is_referenced:
4564 * Return whether or not the specified physical page was referenced
4565 * in any physical maps.
4568 pmap_is_referenced(vm_page_t m)
4572 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4573 ("pmap_is_referenced: page %p is not managed", m));
4574 rw_wlock(&pvh_global_lock);
4575 rv = pmap_is_referenced_pvh(&m->md) ||
4576 ((m->flags & PG_FICTITIOUS) == 0 &&
4577 pmap_is_referenced_pvh(pa_to_pvh(VM_PAGE_TO_PHYS(m))));
4578 rw_wunlock(&pvh_global_lock);
4583 * Returns TRUE if any of the given mappings were referenced and FALSE
4584 * otherwise. Both page and 4mpage mappings are supported.
4587 pmap_is_referenced_pvh(struct md_page *pvh)
4594 rw_assert(&pvh_global_lock, RA_WLOCKED);
4597 TAILQ_FOREACH(pv, &pvh->pv_list, pv_list) {
4600 pte = pmap_pte_quick(pmap, pv->pv_va);
4601 rv = (*pte & (PG_A | PG_V)) == (PG_A | PG_V);
4611 * Clear the write and modified bits in each of the given page's mappings.
4614 pmap_remove_write(vm_page_t m)
4616 struct md_page *pvh;
4617 pv_entry_t next_pv, pv;
4620 pt_entry_t oldpte, *pte;
4623 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4624 ("pmap_remove_write: page %p is not managed", m));
4627 * If the page is not VPO_BUSY, then PGA_WRITEABLE cannot be set by
4628 * another thread while the object is locked. Thus, if PGA_WRITEABLE
4629 * is clear, no page table entries need updating.
4631 VM_OBJECT_LOCK_ASSERT(m->object, MA_OWNED);
4632 if ((m->oflags & VPO_BUSY) == 0 &&
4633 (m->aflags & PGA_WRITEABLE) == 0)
4635 rw_wlock(&pvh_global_lock);
4637 if ((m->flags & PG_FICTITIOUS) != 0)
4638 goto small_mappings;
4639 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4640 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_list, next_pv) {
4644 pde = pmap_pde(pmap, va);
4645 if ((*pde & PG_RW) != 0)
4646 (void)pmap_demote_pde(pmap, pde, va);
4650 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
4653 pde = pmap_pde(pmap, pv->pv_va);
4654 KASSERT((*pde & PG_PS) == 0, ("pmap_clear_write: found"
4655 " a 4mpage in page %p's pv list", m));
4656 pte = pmap_pte_quick(pmap, pv->pv_va);
4659 if ((oldpte & PG_RW) != 0) {
4661 * Regardless of whether a pte is 32 or 64 bits
4662 * in size, PG_RW and PG_M are among the least
4663 * significant 32 bits.
4665 if (!atomic_cmpset_int((u_int *)pte, oldpte,
4666 oldpte & ~(PG_RW | PG_M)))
4668 if ((oldpte & PG_M) != 0)
4670 pmap_invalidate_page(pmap, pv->pv_va);
4674 vm_page_aflag_clear(m, PGA_WRITEABLE);
4676 rw_wunlock(&pvh_global_lock);
4680 * pmap_ts_referenced:
4682 * Return a count of reference bits for a page, clearing those bits.
4683 * It is not necessary for every reference bit to be cleared, but it
4684 * is necessary that 0 only be returned when there are truly no
4685 * reference bits set.
4687 * XXX: The exact number of bits to check and clear is a matter that
4688 * should be tested and standardized at some point in the future for
4689 * optimal aging of shared pages.
4692 pmap_ts_referenced(vm_page_t m)
4694 struct md_page *pvh;
4695 pv_entry_t pv, pvf, pvn;
4697 pd_entry_t oldpde, *pde;
4702 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4703 ("pmap_ts_referenced: page %p is not managed", m));
4704 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4705 rw_wlock(&pvh_global_lock);
4707 if ((m->flags & PG_FICTITIOUS) != 0)
4708 goto small_mappings;
4709 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_list, pvn) {
4713 pde = pmap_pde(pmap, va);
4715 if ((oldpde & PG_A) != 0) {
4716 if (pmap_demote_pde(pmap, pde, va)) {
4717 if ((oldpde & PG_W) == 0) {
4719 * Remove the mapping to a single page
4720 * so that a subsequent access may
4721 * repromote. Since the underlying
4722 * page table page is fully populated,
4723 * this removal never frees a page
4726 va += VM_PAGE_TO_PHYS(m) - (oldpde &
4728 pmap_remove_page(pmap, va, NULL);
4740 if ((pv = TAILQ_FIRST(&m->md.pv_list)) != NULL) {
4743 pvn = TAILQ_NEXT(pv, pv_list);
4744 TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
4745 TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
4748 pde = pmap_pde(pmap, pv->pv_va);
4749 KASSERT((*pde & PG_PS) == 0, ("pmap_ts_referenced:"
4750 " found a 4mpage in page %p's pv list", m));
4751 pte = pmap_pte_quick(pmap, pv->pv_va);
4752 if ((*pte & PG_A) != 0) {
4753 atomic_clear_int((u_int *)pte, PG_A);
4754 pmap_invalidate_page(pmap, pv->pv_va);
4760 } while ((pv = pvn) != NULL && pv != pvf);
4764 rw_wunlock(&pvh_global_lock);
4769 * Clear the modify bits on the specified physical page.
4772 pmap_clear_modify(vm_page_t m)
4774 struct md_page *pvh;
4775 pv_entry_t next_pv, pv;
4777 pd_entry_t oldpde, *pde;
4778 pt_entry_t oldpte, *pte;
4781 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4782 ("pmap_clear_modify: page %p is not managed", m));
4783 VM_OBJECT_LOCK_ASSERT(m->object, MA_OWNED);
4784 KASSERT((m->oflags & VPO_BUSY) == 0,
4785 ("pmap_clear_modify: page %p is busy", m));
4788 * If the page is not PGA_WRITEABLE, then no PTEs can have PG_M set.
4789 * If the object containing the page is locked and the page is not
4790 * VPO_BUSY, then PGA_WRITEABLE cannot be concurrently set.
4792 if ((m->aflags & PGA_WRITEABLE) == 0)
4794 rw_wlock(&pvh_global_lock);
4796 if ((m->flags & PG_FICTITIOUS) != 0)
4797 goto small_mappings;
4798 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4799 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_list, next_pv) {
4803 pde = pmap_pde(pmap, va);
4805 if ((oldpde & PG_RW) != 0) {
4806 if (pmap_demote_pde(pmap, pde, va)) {
4807 if ((oldpde & PG_W) == 0) {
4809 * Write protect the mapping to a
4810 * single page so that a subsequent
4811 * write access may repromote.
4813 va += VM_PAGE_TO_PHYS(m) - (oldpde &
4815 pte = pmap_pte_quick(pmap, va);
4817 if ((oldpte & PG_V) != 0) {
4819 * Regardless of whether a pte is 32 or 64 bits
4820 * in size, PG_RW and PG_M are among the least
4821 * significant 32 bits.
4823 while (!atomic_cmpset_int((u_int *)pte,
4825 oldpte & ~(PG_M | PG_RW)))
4828 pmap_invalidate_page(pmap, va);
4836 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
4839 pde = pmap_pde(pmap, pv->pv_va);
4840 KASSERT((*pde & PG_PS) == 0, ("pmap_clear_modify: found"
4841 " a 4mpage in page %p's pv list", m));
4842 pte = pmap_pte_quick(pmap, pv->pv_va);
4843 if ((*pte & (PG_M | PG_RW)) == (PG_M | PG_RW)) {
4845 * Regardless of whether a pte is 32 or 64 bits
4846 * in size, PG_M is among the least significant
4849 atomic_clear_int((u_int *)pte, PG_M);
4850 pmap_invalidate_page(pmap, pv->pv_va);
4855 rw_wunlock(&pvh_global_lock);
4859 * pmap_clear_reference:
4861 * Clear the reference bit on the specified physical page.
4864 pmap_clear_reference(vm_page_t m)
4866 struct md_page *pvh;
4867 pv_entry_t next_pv, pv;
4869 pd_entry_t oldpde, *pde;
4873 KASSERT((m->oflags & VPO_UNMANAGED) == 0,
4874 ("pmap_clear_reference: page %p is not managed", m));
4875 rw_wlock(&pvh_global_lock);
4877 if ((m->flags & PG_FICTITIOUS) != 0)
4878 goto small_mappings;
4879 pvh = pa_to_pvh(VM_PAGE_TO_PHYS(m));
4880 TAILQ_FOREACH_SAFE(pv, &pvh->pv_list, pv_list, next_pv) {
4884 pde = pmap_pde(pmap, va);
4886 if ((oldpde & PG_A) != 0) {
4887 if (pmap_demote_pde(pmap, pde, va)) {
4889 * Remove the mapping to a single page so
4890 * that a subsequent access may repromote.
4891 * Since the underlying page table page is
4892 * fully populated, this removal never frees
4893 * a page table page.
4895 va += VM_PAGE_TO_PHYS(m) - (oldpde &
4897 pmap_remove_page(pmap, va, NULL);
4903 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
4906 pde = pmap_pde(pmap, pv->pv_va);
4907 KASSERT((*pde & PG_PS) == 0, ("pmap_clear_reference: found"
4908 " a 4mpage in page %p's pv list", m));
4909 pte = pmap_pte_quick(pmap, pv->pv_va);
4910 if ((*pte & PG_A) != 0) {
4912 * Regardless of whether a pte is 32 or 64 bits
4913 * in size, PG_A is among the least significant
4916 atomic_clear_int((u_int *)pte, PG_A);
4917 pmap_invalidate_page(pmap, pv->pv_va);
4922 rw_wunlock(&pvh_global_lock);
4926 * Miscellaneous support routines follow
4929 /* Adjust the cache mode for a 4KB page mapped via a PTE. */
4930 static __inline void
4931 pmap_pte_attr(pt_entry_t *pte, int cache_bits)
4936 * The cache mode bits are all in the low 32-bits of the
4937 * PTE, so we can just spin on updating the low 32-bits.
4940 opte = *(u_int *)pte;
4941 npte = opte & ~PG_PTE_CACHE;
4943 } while (npte != opte && !atomic_cmpset_int((u_int *)pte, opte, npte));
4946 /* Adjust the cache mode for a 2/4MB page mapped via a PDE. */
4947 static __inline void
4948 pmap_pde_attr(pd_entry_t *pde, int cache_bits)
4953 * The cache mode bits are all in the low 32-bits of the
4954 * PDE, so we can just spin on updating the low 32-bits.
4957 opde = *(u_int *)pde;
4958 npde = opde & ~PG_PDE_CACHE;
4960 } while (npde != opde && !atomic_cmpset_int((u_int *)pde, opde, npde));
4964 * Map a set of physical memory pages into the kernel virtual
4965 * address space. Return a pointer to where it is mapped. This
4966 * routine is intended to be used for mapping device memory,
4970 pmap_mapdev_attr(vm_paddr_t pa, vm_size_t size, int mode)
4972 vm_offset_t va, offset;
4975 offset = pa & PAGE_MASK;
4976 size = roundup(offset + size, PAGE_SIZE);
4979 if (pa < KERNLOAD && pa + size <= KERNLOAD)
4982 va = kmem_alloc_nofault(kernel_map, size);
4984 panic("pmap_mapdev: Couldn't alloc kernel virtual memory");
4986 for (tmpsize = 0; tmpsize < size; tmpsize += PAGE_SIZE)
4987 pmap_kenter_attr(va + tmpsize, pa + tmpsize, mode);
4988 pmap_invalidate_range(kernel_pmap, va, va + tmpsize);
4989 pmap_invalidate_cache_range(va, va + size);
4990 return ((void *)(va + offset));
4994 pmap_mapdev(vm_paddr_t pa, vm_size_t size)
4997 return (pmap_mapdev_attr(pa, size, PAT_UNCACHEABLE));
5001 pmap_mapbios(vm_paddr_t pa, vm_size_t size)
5004 return (pmap_mapdev_attr(pa, size, PAT_WRITE_BACK));
5008 pmap_unmapdev(vm_offset_t va, vm_size_t size)
5010 vm_offset_t base, offset;
5012 if (va >= KERNBASE && va + size <= KERNBASE + KERNLOAD)
5014 base = trunc_page(va);
5015 offset = va & PAGE_MASK;
5016 size = roundup(offset + size, PAGE_SIZE);
5017 kmem_free(kernel_map, base, size);
5021 * Sets the memory attribute for the specified page.
5024 pmap_page_set_memattr(vm_page_t m, vm_memattr_t ma)
5027 m->md.pat_mode = ma;
5028 if ((m->flags & PG_FICTITIOUS) != 0)
5032 * If "m" is a normal page, flush it from the cache.
5033 * See pmap_invalidate_cache_range().
5035 * First, try to find an existing mapping of the page by sf
5036 * buffer. sf_buf_invalidate_cache() modifies mapping and
5037 * flushes the cache.
5039 if (sf_buf_invalidate_cache(m))
5043 * If page is not mapped by sf buffer, but CPU does not
5044 * support self snoop, map the page transient and do
5045 * invalidation. In the worst case, whole cache is flushed by
5046 * pmap_invalidate_cache_range().
5048 if ((cpu_feature & CPUID_SS) == 0)
5053 pmap_flush_page(vm_page_t m)
5055 struct sysmaps *sysmaps;
5056 vm_offset_t sva, eva;
5058 if ((cpu_feature & CPUID_CLFSH) != 0) {
5059 sysmaps = &sysmaps_pcpu[PCPU_GET(cpuid)];
5060 mtx_lock(&sysmaps->lock);
5061 if (*sysmaps->CMAP2)
5062 panic("pmap_flush_page: CMAP2 busy");
5064 *sysmaps->CMAP2 = PG_V | PG_RW | VM_PAGE_TO_PHYS(m) |
5065 PG_A | PG_M | pmap_cache_bits(m->md.pat_mode, 0);
5066 invlcaddr(sysmaps->CADDR2);
5067 sva = (vm_offset_t)sysmaps->CADDR2;
5068 eva = sva + PAGE_SIZE;
5071 * Use mfence despite the ordering implied by
5072 * mtx_{un,}lock() because clflush is not guaranteed
5073 * to be ordered by any other instruction.
5076 for (; sva < eva; sva += cpu_clflush_line_size)
5079 *sysmaps->CMAP2 = 0;
5081 mtx_unlock(&sysmaps->lock);
5083 pmap_invalidate_cache();
5087 * Changes the specified virtual address range's memory type to that given by
5088 * the parameter "mode". The specified virtual address range must be
5089 * completely contained within either the kernel map.
5091 * Returns zero if the change completed successfully, and either EINVAL or
5092 * ENOMEM if the change failed. Specifically, EINVAL is returned if some part
5093 * of the virtual address range was not mapped, and ENOMEM is returned if
5094 * there was insufficient memory available to complete the change.
5097 pmap_change_attr(vm_offset_t va, vm_size_t size, int mode)
5099 vm_offset_t base, offset, tmpva;
5102 int cache_bits_pte, cache_bits_pde;
5105 base = trunc_page(va);
5106 offset = va & PAGE_MASK;
5107 size = roundup(offset + size, PAGE_SIZE);
5110 * Only supported on kernel virtual addresses above the recursive map.
5112 if (base < VM_MIN_KERNEL_ADDRESS)
5115 cache_bits_pde = pmap_cache_bits(mode, 1);
5116 cache_bits_pte = pmap_cache_bits(mode, 0);
5120 * Pages that aren't mapped aren't supported. Also break down
5121 * 2/4MB pages into 4KB pages if required.
5123 PMAP_LOCK(kernel_pmap);
5124 for (tmpva = base; tmpva < base + size; ) {
5125 pde = pmap_pde(kernel_pmap, tmpva);
5127 PMAP_UNLOCK(kernel_pmap);
5132 * If the current 2/4MB page already has
5133 * the required memory type, then we need not
5134 * demote this page. Just increment tmpva to
5135 * the next 2/4MB page frame.
5137 if ((*pde & PG_PDE_CACHE) == cache_bits_pde) {
5138 tmpva = trunc_4mpage(tmpva) + NBPDR;
5143 * If the current offset aligns with a 2/4MB
5144 * page frame and there is at least 2/4MB left
5145 * within the range, then we need not break
5146 * down this page into 4KB pages.
5148 if ((tmpva & PDRMASK) == 0 &&
5149 tmpva + PDRMASK < base + size) {
5153 if (!pmap_demote_pde(kernel_pmap, pde, tmpva)) {
5154 PMAP_UNLOCK(kernel_pmap);
5158 pte = vtopte(tmpva);
5160 PMAP_UNLOCK(kernel_pmap);
5165 PMAP_UNLOCK(kernel_pmap);
5168 * Ok, all the pages exist, so run through them updating their
5169 * cache mode if required.
5171 for (tmpva = base; tmpva < base + size; ) {
5172 pde = pmap_pde(kernel_pmap, tmpva);
5174 if ((*pde & PG_PDE_CACHE) != cache_bits_pde) {
5175 pmap_pde_attr(pde, cache_bits_pde);
5178 tmpva = trunc_4mpage(tmpva) + NBPDR;
5180 pte = vtopte(tmpva);
5181 if ((*pte & PG_PTE_CACHE) != cache_bits_pte) {
5182 pmap_pte_attr(pte, cache_bits_pte);
5190 * Flush CPU caches to make sure any data isn't cached that
5191 * shouldn't be, etc.
5194 pmap_invalidate_range(kernel_pmap, base, tmpva);
5195 pmap_invalidate_cache_range(base, tmpva);
5201 * perform the pmap work for mincore
5204 pmap_mincore(pmap_t pmap, vm_offset_t addr, vm_paddr_t *locked_pa)
5207 pt_entry_t *ptep, pte;
5213 pdep = pmap_pde(pmap, addr);
5215 if (*pdep & PG_PS) {
5217 /* Compute the physical address of the 4KB page. */
5218 pa = ((*pdep & PG_PS_FRAME) | (addr & PDRMASK)) &
5220 val = MINCORE_SUPER;
5222 ptep = pmap_pte(pmap, addr);
5224 pmap_pte_release(ptep);
5225 pa = pte & PG_FRAME;
5233 if ((pte & PG_V) != 0) {
5234 val |= MINCORE_INCORE;
5235 if ((pte & (PG_M | PG_RW)) == (PG_M | PG_RW))
5236 val |= MINCORE_MODIFIED | MINCORE_MODIFIED_OTHER;
5237 if ((pte & PG_A) != 0)
5238 val |= MINCORE_REFERENCED | MINCORE_REFERENCED_OTHER;
5240 if ((val & (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER)) !=
5241 (MINCORE_MODIFIED_OTHER | MINCORE_REFERENCED_OTHER) &&
5242 (pte & (PG_MANAGED | PG_V)) == (PG_MANAGED | PG_V)) {
5243 /* Ensure that "PHYS_TO_VM_PAGE(pa)->object" doesn't change. */
5244 if (vm_page_pa_tryrelock(pmap, pa, locked_pa))
5247 PA_UNLOCK_COND(*locked_pa);
5253 pmap_activate(struct thread *td)
5255 pmap_t pmap, oldpmap;
5260 pmap = vmspace_pmap(td->td_proc->p_vmspace);
5261 oldpmap = PCPU_GET(curpmap);
5262 cpuid = PCPU_GET(cpuid);
5264 CPU_CLR_ATOMIC(cpuid, &oldpmap->pm_active);
5265 CPU_SET_ATOMIC(cpuid, &pmap->pm_active);
5267 CPU_CLR(cpuid, &oldpmap->pm_active);
5268 CPU_SET(cpuid, &pmap->pm_active);
5271 cr3 = vtophys(pmap->pm_pdpt);
5273 cr3 = vtophys(pmap->pm_pdir);
5276 * pmap_activate is for the current thread on the current cpu
5278 td->td_pcb->pcb_cr3 = cr3;
5280 PCPU_SET(curpmap, pmap);
5285 pmap_sync_icache(pmap_t pm, vm_offset_t va, vm_size_t sz)
5290 * Increase the starting virtual address of the given mapping if a
5291 * different alignment might result in more superpage mappings.
5294 pmap_align_superpage(vm_object_t object, vm_ooffset_t offset,
5295 vm_offset_t *addr, vm_size_t size)
5297 vm_offset_t superpage_offset;
5301 if (object != NULL && (object->flags & OBJ_COLORED) != 0)
5302 offset += ptoa(object->pg_color);
5303 superpage_offset = offset & PDRMASK;
5304 if (size - ((NBPDR - superpage_offset) & PDRMASK) < NBPDR ||
5305 (*addr & PDRMASK) == superpage_offset)
5307 if ((*addr & PDRMASK) < superpage_offset)
5308 *addr = (*addr & ~PDRMASK) + superpage_offset;
5310 *addr = ((*addr + PDRMASK) & ~PDRMASK) + superpage_offset;
5314 #if defined(PMAP_DEBUG)
5315 pmap_pid_dump(int pid)
5322 sx_slock(&allproc_lock);
5323 FOREACH_PROC_IN_SYSTEM(p) {
5324 if (p->p_pid != pid)
5330 pmap = vmspace_pmap(p->p_vmspace);
5331 for (i = 0; i < NPDEPTD; i++) {
5334 vm_offset_t base = i << PDRSHIFT;
5336 pde = &pmap->pm_pdir[i];
5337 if (pde && pmap_pde_v(pde)) {
5338 for (j = 0; j < NPTEPG; j++) {
5339 vm_offset_t va = base + (j << PAGE_SHIFT);
5340 if (va >= (vm_offset_t) VM_MIN_KERNEL_ADDRESS) {
5345 sx_sunlock(&allproc_lock);
5348 pte = pmap_pte(pmap, va);
5349 if (pte && pmap_pte_v(pte)) {
5353 m = PHYS_TO_VM_PAGE(pa & PG_FRAME);
5354 printf("va: 0x%x, pt: 0x%x, h: %d, w: %d, f: 0x%x",
5355 va, pa, m->hold_count, m->wire_count, m->flags);
5370 sx_sunlock(&allproc_lock);
5377 static void pads(pmap_t pm);
5378 void pmap_pvdump(vm_paddr_t pa);
5380 /* print address space of pmap*/
5388 if (pm == kernel_pmap)
5390 for (i = 0; i < NPDEPTD; i++)
5392 for (j = 0; j < NPTEPG; j++) {
5393 va = (i << PDRSHIFT) + (j << PAGE_SHIFT);
5394 if (pm == kernel_pmap && va < KERNBASE)
5396 if (pm != kernel_pmap && va > UPT_MAX_ADDRESS)
5398 ptep = pmap_pte(pm, va);
5399 if (pmap_pte_v(ptep))
5400 printf("%x:%x ", va, *ptep);
5406 pmap_pvdump(vm_paddr_t pa)
5412 printf("pa %x", pa);
5413 m = PHYS_TO_VM_PAGE(pa);
5414 TAILQ_FOREACH(pv, &m->md.pv_list, pv_list) {
5416 printf(" -> pmap %p, va %x", (void *)pmap, pv->pv_va);
projects / FreeBSD / FreeBSD.git / blob